Windows Analysis Report 1COK25f1vT.exe

Overview

General Information

Sample Name: 1COK25f1vT.exe
Analysis ID: 542372
MD5: 5918b91ac2931af0267e4af06f3fd2e2
SHA1: 1ce7cccf52a0a569d013c0a91efb4f808c3c6194
SHA256: 41acb7b14d4167374da9039e1324caac71b397bf246abb50cb9ae1ca197b3cc1
Tags: AZORult, exe

Detection

AZORult GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Potential malicious icon found
Yara detected Azorult
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Detected AZORult Info Stealer
Yara detected Azorult Info Stealer
Detected unpacking (changes PE section rights)
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Tries to steal Crypto Currency Wallets
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Self deletion via cmd delete
Tries to harvest and steal Bitcoin Wallet information
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to steal Instant Messenger accounts or passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Is looking for software installed on the system
Queries information about the installed CPU (vendor, model number etc)
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Binary contains a suspicious time stamp
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • 1COK25f1vT.exe (PID: 7040 cmdline: "C:\Users\user\Desktop\1COK25f1vT.exe" MD5: 5918B91AC2931AF0267E4AF06F3FD2E2)
    • 1COK25f1vT.exe (PID: 2132 cmdline: "C:\Users\user\Desktop\1COK25f1vT.exe" MD5: 5918B91AC2931AF0267E4AF06F3FD2E2)
      • cmd.exe (PID: 1360 cmdline: C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "1COK25f1vT.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 1676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • timeout.exe (PID: 6828 cmdline: C:\Windows\system32\timeout.exe 3 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • cleanup

Malware Configuration

Threatname: Azorult

{"C2 url": "http://185.29.11.112/rothchildnew/Panel/index.php"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.385834969.000000001FC24000.00000040.00020000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
0000000C.00000002.510992835.0000000000401000.00000020.00020000.sdmp | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |
0000000C.00000002.510992835.0000000000401000.00000020.00020000.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
0000000C.00000002.515598674.000000002030C000.00000004.00000001.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
00000000.00000002.383092369.0000000002A90000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
12.2.1COK25f1vT.exe.400000.0.unpack | JoeSecurity_Azorult | Yara detected Azorult Info Stealer | Joe Security |
12.2.1COK25f1vT.exe.400000.0.unpack | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
12.2.1COK25f1vT.exe.400000.0.unpack | Azorult_1 | Azorult Payload | kevoreilly | (strings listed below)
  • 0x17353:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ...
  • 0x1207c:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
12.2.1COK25f1vT.exe.2004391e.5.raw.unpack | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
12.2.1COK25f1vT.exe.2004391e.5.raw.unpack | OlympicDestroyer_1 | OlympicDestroyer Payload | kevoreilly | (strings listed below)
  • 0x2988e9:$string1: SELECT origin_url, username_value, password_value FROM logins
  • 0x2994d6:$string1: SELECT origin_url, username_value, password_value FROM logins
  • 0x109a34:$string2: API call with %s database connection pointer
  • 0x10a668:$string3: os_win.c:%d: (%lu) %s(%s) - %s

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 12.2.1COK25f1vT.exe.400000.0.unpack, Malware Configuration Extractor: Azorult {"C2 url": "http://185.29.11.112/rothchildnew/Panel/index.php"}
Multi AV Scanner detection for submitted file
Source: 1COK25f1vT.exe, Virustotal: Detection: 40%
Source: 1COK25f1vT.exe, ReversingLabs: Detection: 71%
Source: 0.2.1COK25f1vT.exe.1fb10000.1.unpack, Avira: Label: TR/Dropper.Gen
Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 12_2_0040A610 CryptUnprotectData,LocalFree,
Source: 1COK25f1vT.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: unknown, HTTPS traffic detected: 172.217.168.46:443 -> 192.168.2.3:49786 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.168.1:443 -> 192.168.2.3:49787 version: TLS 1.2
                  Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479960511.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491671682.0000000020370000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.480478688.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491685778.0000000020374000.00000004.00000001.sdmp, api-ms-win-crt-math-l1-1-0.dll.12.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.487823577.000000001F1F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492773065.000000001F838000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487925295.000000001F1CC000.00000004.00000001.sdmp, softokn3.dll.12.dr
                  Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491349501.0000000020324000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.473845022.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491334003.0000000020320000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491319974.000000002031C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.12.dr
                  Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491277123.000000002030C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491294897.0000000020314000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471221878.000000001F998000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491306740.0000000020318000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.471958408.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.12.dr
                  Source: Binary string: vcruntime140.i386.pdb source: 1COK25f1vT.exe, 0000000C.00000003.490976694.000000001F304000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.489151743.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.493685455.000000001F978000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490948392.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, vcruntime140.dll.12.dr
                  Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491708487.000000002037C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491671682.0000000020370000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491685778.0000000020374000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.480866812.000000001F998000.00000004.00000001.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491836442.00000000203BC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.483738780.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491826874.00000000203B8000.00000004.00000001.sdmp, api-ms-win-crt-utility-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.475000686.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491501790.0000000020340000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491475649.000000002033C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491523003.0000000020344000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491545056.0000000020348000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-core-timezone-l1-1-0.dll.12.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: 1COK25f1vT.exe, 0000000C.00000003.487119055.000000001F238000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.487230327.000000001F364000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492649482.000000001F820000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485890632.000000001F290000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492301830.000000001F6F0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491938965.000000001F6E0000.00000004.00000001.sdmp, nssdbm3.dll.12.dr
                  Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.475000686.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.475402246.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491363124.0000000020330000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491387107.0000000020334000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491439552.0000000020338000.00000004.00000001.sdmp, api-ms-win-core-string-l1-1-0.dll.12.dr
                  Source: Binary string: msvcp140.i386.pdbGCTL source: 1COK25f1vT.exe, 0000000C.00000003.485203963.000000001F1CC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.492268054.000000001F688000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.485153671.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp, msvcp140.dll.12.dr
                  Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.466563733.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, api-ms-win-core-file-l2-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491775740.0000000020398000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491748363.0000000020388000.00000004.00000001.sdmp, api-ms-win-crt-process-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.469680104.000000001F990000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491260411.0000000020308000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491143128.00000000202F4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491172974.00000000202F8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491203658.00000000202FC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491225253.0000000020300000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491075653.00000000202E8000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491029771.00000000202E4000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491109654.00000000202EC000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.490992060.00000000202E0000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491243929.0000000020304000.00000004.00000001.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.491634229.0000000020368000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491651913.000000002036C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479481362.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.479096628.000000001F990000.00000004.00000001.sdmp, api-ms-win-crt-heap-l1-1-0.dll.12.dr
                  Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 1COK25f1vT.exe, 0000000C.00000003.482506212.000000001F994000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.482913611.000000001F99C000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000002.514885809.000000001FB30000.00000004.00000001.sdmp, 1COK25f1vT.exe, 0000000C.00000003.491806581.00000000203B4000.00000004.00000001.sdmp, api-ms-win-crt-string-l1-1-0.dll.12.dr
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0041006C FindFirstFileW,FindFirstFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00414808 FindFirstFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00413030 FindFirstFileW,FindNextFileW,FindClose,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_004099C0 FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040A9E4 FindFirstFileW,FindNextFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040D988 FindFirstFileW,FindFirstFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_004119AC FindFirstFileW,FindNextFileW,FindClose,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00414A90 FindFirstFileW,FindFirstFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040FB40 FindFirstFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D6C FindFirstFileW,FindNextFileW,FindClose,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00414DE8 FindFirstFileW,FindNextFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0041160C FindFirstFileW,FindNextFileW,FindClose,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00409EF0 FindFirstFileW,GetFileAttributesW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00413F58 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040F7A8 FindFirstFileW,FindNextFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00410064 FindFirstFileW,FindFirstFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00410068 FindFirstFileW,FindFirstFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040A9E3 FindFirstFileW,FindNextFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_004119A8 FindFirstFileW,FindNextFileW,FindClose,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040DB00 FindFirstFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040DB30 FindFirstFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D40 FindFirstFileW,FindNextFileW,FindClose,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D48 FindFirstFileW,FindNextFileW,FindClose,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00412D54 FindFirstFileW,FindNextFileW,FindClose,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_00409EE8 FindFirstFileW,GetFileAttributesW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040F798 FindFirstFileW,FindNextFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_2_0040F7A0 FindFirstFileW,FindNextFileW,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_1_004148A0 __vbaStrCopy,__vbaStrCopy,__vbaStrCopy,__vbaRedim,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,FindFirstFileW,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaGenerateBoundsError,__vbaGenerateBoundsError,__vbaUI1I2,__vbaFreeStr,__vbaFreeStr,__vbaFreeStr,__vbaAryDestruct,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe Code function: 12_1_00414DD0 __vbaChkstk,__vbaOnError,FindFirstFileW,

                  Networking:

                  Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
                  Source: Traffic Snort IDS: 2029465 ET TROJAN Win32/AZORult V3.2 Client Checkin M15 192.168.2.3:49789 -> 185.29.11.112:80
                  Source: Traffic Snort IDS: 2029141 ET TROJAN AZORult v3.2 Server Response M3 185.29.11.112:80 -> 192.168.2.3:49789
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractor URLs: http://185.29.11.112/rothchildnew/Panel/index.php
                  Source: Joe Sandbox View ASN Name: DATACLUB-NL DATACLUB-NL
                  Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: global traffic HTTP traffic detected: GET /uc?export=download&id=17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM- HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                      Host: drive.google.com
                      Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7bnkiq90sqb2f9a5rfbavvv8a7avoa21/1639944750000/11699732749327025486/*/17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM-?e=download HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                      Cache-Control: no-cache
                      Host: doc-0o-b4-docs.googleusercontent.com
                      Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: POST /rothchildnew/Panel/index.php HTTP/1.1
                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                      Host: 185.29.11.112
                      Content-Length: 107
                      Cache-Control: no-cache
                      Data Raw: 4a 4f ed 3e 32 ed 3e 3c 89 28 39 fe 49 2f fb 38 2f fa 49 4c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 fd 28 39 ff 4e 4e 8d 28 39 ff 28 39 f1 28 38 8c 4b 4f ed 3e 33 ed 3e 3c ed 3e 3d ed 3e 3a ed 3e 3b 8a 28 38 8c 28 39 f1 28 39 fb 28 39 fa 28 39 ff 4f 2f fb 3c 2f fb 38 2f fb 34 4b
                      Data Ascii: JO>2><(9I/8/IL>3>>>;>>>3>:>=?N(9(9NN(9(9(8KO>3><>=>:>;(8(9(9(9(9O/</8/4K
                  Source: global traffic HTTP traffic detected: POST /rothchildnew/Panel/index.php HTTP/1.1
                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                      Host: 185.29.11.112
                      Content-Length: 73426
                      Cache-Control: no-cache
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
                  Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
                  Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
                  Source: unknown TCP traffic detected without corresponding DNS query: 185.29.11.112
                  Source: 1COK25f1vT.exe, 0000000C.00000002.514050041.000000001E780000.00000004.00000001.sdmp String found in binary or memory: http://185.29.11.112/rothchildnew/Panel/index.php
                  Source: 1COK25f1vT.exe, 0000000C.00000002.514050041.000000001E780000.00000004.00000001.sdmp String found in binary or memory: http://185.29.11.112/rothchildnew/Panel/index.phpx
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                  Source: 1COK25f1vT.exe, 1COK25f1vT.exe, 0000000C.00000002.510992835.0000000000401000.00000020.00020000.sdmp
                  String found in binary or memory: http://ip-api.com/json
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://ocsp.digicert.com0C
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://ocsp.digicert.com0N
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://ocsp.thawte.com0
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://ts-ocsp.ws.symantec.com07
                  Source: mozglue.dll.12.dr
                  String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: http://www.mozilla.com0
                  Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp
                  String found in binary or memory: http://www.msn.com/de-ch/
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr
                  String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr
                  String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: 1COK25f1vT.exe, 1COK25f1vT.exe, 0000000C.00000002.510992835.0000000000401000.00000020.00020000.sdmp
                  String found in binary or memory: https://dotbit.me/a/
                  Source: 1COK25f1vT.exe, 0000000C.00000002.511282880.0000000002150000.00000004.00000001.sdmp
                  String found in binary or memory: https://drive.google.com/uc?export=download&id=17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM-
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr
                  String found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr
                  String found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr
                  String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr
                  String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr
                  String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: 1COK25f1vT.exe, mozglue.dll.12.dr, softokn3.dll.12.dr, nssdbm3.dll.12.dr, freebl3.dll.12.dr, nss3.dll.12.dr
                  String found in binary or memory: https://www.digicert.com/CPS0
                  Source: 1COK25f1vT.exe, 0000000C.00000002.515276537.000000001FF80000.00000004.00000001.sdmp
                  String found in binary or memory: https://www.google.com/chrome/thank-you.html
                  Source: 364961566067931661861453.tmp.12.dr, 364969067119854362121246.tmp.12.dr
                  String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: unknown
                  HTTP traffic detected: POST /rothchildnew/Panel/index.php HTTP/1.1
                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                  Host: 185.29.11.112
                  Content-Length: 107
                  Cache-Control: no-cache
                  Data Raw: 4a 4f ed 3e 32 ed 3e 3c 89 28 39 fe 49 2f fb 38 2f fa 49 4c ed 3e 33 ed 3e 3e ed 3e 3b ed 3e 3e ed 3e 33 ed 3e 3a ed 3e 3d ed 3f 4e 89 28 39 fd 28 39 ff 4e 4e 8d 28 39 ff 28 39 f1 28 38 8c 4b 4f ed 3e 33 ed 3e 3c ed 3e 3d ed 3e 3a ed 3e 3b 8a 28 38 8c 28 39 f1 28 39 fb 28 39 fa 28 39 ff 4f 2f fb 3c 2f fb 38 2f fb 34 4b
                  Data Ascii: JO>2><(9I/8/IL>3>>>;>>>3>:>=?N(9(9NN(9(9(8KO>3><>=>:>;(8(9(9(9(9O/</8/4K
                  Source: unknown
                  DNS traffic detected: queries for: drive.google.com
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe
                  Code function: 12_2_00417D84 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,HttpOpenRequestA,HttpSendRequestA,GetMessageA,InternetReadFile,
                  Source: global traffic
                  HTTP traffic detected: GET /uc?export=download&id=17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM- HTTP/1.1
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                  Host: drive.google.com
                  Cache-Control: no-cache
                  Source: global traffic
                  HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7bnkiq90sqb2f9a5rfbavvv8a7avoa21/1639944750000/11699732749327025486/*/17RU0VECH2DoNYHaGWGuE-Ywt9AUTzsM-?e=download HTTP/1.1
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                  Cache-Control: no-cache
                  Host: doc-0o-b4-docs.googleusercontent.com
                  Connection: Keep-Alive
                  Source: unknown
                  HTTPS traffic detected: 172.217.168.46:443 -> 192.168.2.3:49786 version: TLS 1.2
                  Source: unknown
                  HTTPS traffic detected: 172.217.168.1:443 -> 192.168.2.3:49787 version: TLS 1.2

                  System Summary:

                  Potential malicious icon found
                  Source: initial sample
                  Icon embedded in PE file: bad icon match: 20047c7c70f0e004
                  Malicious sample detected (through community Yara rule)
                  Source: 12.2.1COK25f1vT.exe.400000.0.unpack, type: UNPACKEDPE
                  Matched rule: Azorult Payload Author: kevoreilly
                  Source: 12.2.1COK25f1vT.exe.2004391e.5.raw.unpack, type: UNPACKEDPE
                  Matched rule: OlympicDestroyer Payload Author: kevoreilly
                  Source: 12.2.1COK25f1vT.exe.1ffd81cd.7.raw.unpack, type: UNPACKEDPE
                  Matched rule: OlympicDestroyer Payload Author: kevoreilly
                  Source: 12.2.1COK25f1vT.exe.1ffb61e0.6.raw.unpack, type: UNPACKEDPE
                  Matched rule: OlympicDestroyer Payload Author: kevoreilly
                  Source: 1COK25f1vT.exe
                  Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                  Source: 12.2.1COK25f1vT.exe.400000.0.unpack, type: UNPACKEDPE
                  Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
                  Source: 12.2.1COK25f1vT.exe.2004391e.5.raw.unpack, type: UNPACKEDPE
                  Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                  Source: 12.2.1COK25f1vT.exe.1ffd81cd.7.raw.unpack, type: UNPACKEDPE
                  Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                  Source: 12.2.1COK25f1vT.exe.1ffb61e0.6.raw.unpack, type: UNPACKEDPE
                  Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: String function: 00403BF4 appears 46 times
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: String function: 004062FC appears 42 times
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: String function: 00404E98 appears 86 times
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: String function: 0040300C appears 32 times
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: String function: 00403E78 appears 31 times
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: String function: 00404EC0 appears 33 times
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: String function: 004034E4 appears 33 times
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 0_2_02A963E9 NtAllocateVirtualMemory,LoadLibraryA,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 0_2_02A99933 NtProtectVirtualMemory,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 0_2_02A963ED NtAllocateVirtualMemory,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 0_2_02A998A5 NtProtectVirtualMemory,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 0_2_02A96497 NtAllocateVirtualMemory,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 0_2_02A964E6 NtAllocateVirtualMemory,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 0_2_02A998FD NtProtectVirtualMemory,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 0_2_02A998DD NtProtectVirtualMemory,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 0_2_02A96434 NtAllocateVirtualMemory,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 0_2_02A9644E NtAllocateVirtualMemory,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Code function: 0_2_02A96534 NtAllocateVirtualMemory,
                  Source: C:\Users\user\Desktop\1COK25f1vT.exe, Process Stats: CPU usage > 98%
                  Source: api-ms-win-core-file-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-memory-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-multibyte-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-stdio-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-debug-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-handle-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-file-l1-2-0.dll.12.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-sysinfo-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-filesystem-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-heap-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-rtlsupport-l1-1-0.dll.12.dr, Static PE information: No import funct